authorAsha Akkiangady <aakkiang@redhat.com>2015-06-15 00:50:22 -0400
committerAsha Akkiangady <aakkiang@redhat.com>2015-06-15 00:53:04 -0400
commit3ea331ef85c341a3769865304eb7ab256f9f5e6b (patch)
treed6f5bcccf79d792cc7754df708ffeeba5427a1e6 /tests
parent3b54cb0a675bbdf345e3fd5c914886483d98a821 (diff)
Added pki user KRA, OCSP, TKS and TPS tests.
Modified user CA test scripts to check for subsystem installed status.
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dogtag/Makefile46
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh53
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh54
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-ca.sh49
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh58
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh58
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh58
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh48
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh45
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh48
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh49
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh56
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh62
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh73
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh1968
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh45
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh42
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh44
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh43
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh702
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh829
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh871
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh907
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh765
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh102
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh1005
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh1967
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh2405
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh881
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh1127
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh1119
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh699
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh835
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh840
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh877
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh765
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh1154
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh335
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh1008
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh1544
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh2400
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh877
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh1123
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh1115
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh726
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh803
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh725
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh842
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh771
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh1157
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh1193
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh1547
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-add-tps.sh2402
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-delete-tps.sh879
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-find-tps.sh1125
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-show-tps.sh1116
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-del-tps.sh728
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-find-tps.sh804
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh709
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-del-tps.sh829
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh762
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-mod-tps.sh1156
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh1195
-rwxr-xr-xtests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh21
-rwxr-xr-xtests/dogtag/runtest.sh457
65 files changed, 46162 insertions, 2936 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 9fac29b4c..3a1847b85 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -119,11 +119,57 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
chmod a+x ./acceptance/cli-tests/pki-tests-setup/cleanup-role-users.sh
#user KRA
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh
chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh
chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
chmod a+x ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
+ #user OCSP
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh
+ #user TKS
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh
+ #user TPS
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-mod-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-find-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-del-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-del-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-find-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-add-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-show-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-delete-tps.sh
#CA user
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-add.sh
chmod a+x ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-show.sh
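Review bot: The new `#user OCSP` block has no `chmod a+x` line for `ocsp/pki-user-cli-user-ocsp.sh`, which the diffstat lists among the files this commit touches. Unless a line outside this hunk already covers it, adding `chmod a+x ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh` would keep the block complete. The hand-maintained list is also easy to let drift as scripts are added; a single `find ./acceptance/cli-tests/pki-user-cli -name '*.sh' -exec chmod a+x {} +` in the recipe would pick up new scripts automatically. The `build` recipe starts and continues outside this hunk.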
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
index b100cdbf7..335f2322a 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-add-ca.sh
@@ -46,33 +46,34 @@ run_pki-user-cli-user-add-ca_tests(){
SUBSYSTEM_TYPE=$2
MYROLE=$3
prefix=$subsystemId
- ca_instance_created="False"
- if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
- else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
- fi
+ rlPhaseStartSetup "pki_user_cli_user_add-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
untrusted_cert_nickname=role_user_UTCA
if [ "$ca_instance_created" = "TRUE" ] ; then
-
- lPhaseStartSetup "pki_user_cli_user_add-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test"
rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \
0 \
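Review bot: `CA_INST` is now read from `$TmpDir/topo_file` and spliced straight into `eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS`, so whatever text follows `MY_CA=` in that file is evaluated as shell code. An empty or missing value yields an empty status, which skips the whole suite as "not installed" instead of failing. Bash indirect expansion removes the eval: `local status_var="${CA_INST}_INSTANCE_CREATED_STATUS"` then `ca_instance_created=${!status_var}`, preceded by a check that `CA_INST` is a non-empty identifier (letters, digits and underscores only), with `rlFail` when it is not. Declaring `local CA_INST` on its own line before the assignment would also stop `local` from hiding a failing `grep`/`cut` pipeline. The same block is repeated in the first hunks of the cert-add, cert, cert-delete, cert-find, cert-show, user-del and user-find CA scripts; the function body continues outside this hunk.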
@@ -802,7 +803,7 @@ run_pki-user-cli-user-add-ca_tests(){
-t ca \
group-member-add \"Certificate Manager Agents\" $user > $TmpDir/pki-user-add-ca-007_1_1.out" \
0 \
- "Add user $user to Administrators group"
+ "Add user $user to Certificate Manager Agents group"
rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-ca-007_1_1.out"
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ca-007_1_1.out"
@@ -815,7 +816,7 @@ run_pki-user-cli-user-add-ca_tests(){
-t ca \
group-member-find \"Certificate Manager Agents\" > $TmpDir/pki-user-add-ca-007_2.out" \
0 \
- "Show pki group-member-find Administrators"
+ "Show pki group-member-find Certificate Manager Agents"
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ca-007_2.out"
rlPhaseEnd
@@ -1005,7 +1006,7 @@ run_pki-user-cli-user-add-ca_tests(){
"Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
rlAssertGrep "ClientResponseFailure: ldap can't save, exceeds max length" "$TmpDir/pki-user-add-ca-001_50.out"
rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-ca-001_50.out"
- rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ca-001_50.out"
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
rlPhaseEnd
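Review bot: The flipped assertion now requires `ProcessingException: Unable to invoke request` in the output of the over-length user ID case, while the first assertion in the same phase still requires the `ldap can't save, exceeds max length` message. Nothing says which of the two is the intended behaviour. If the ProcessingException line is the symptom tracked by the ticket logged just below, a comment such as `# Expected until ticket 842 is fixed; switch back to rlAssertNotGrep afterwards` would keep the test from silently codifying a defect. The phase starts outside this hunk.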
@@ -1408,7 +1409,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting users"
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
#===Deleting users created using ${prefix}_adminV cert===#
i=1
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh
index eef873cf6..829e3ed97 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh
@@ -50,37 +50,37 @@
########################################################################
run_pki-user-cli-user-cert-add-ca_tests(){
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-ca_instance_created="False"
-
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+
+ ##### Create a temporary directory to save output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-add-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
else
- prefix=ROOTCA
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
fi
-else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
-fi
-SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
if [ "$ca_instance_created" = "TRUE" ] ; then
-
- ##### Create a temporary directory to save output files #####
- rlPhaseStartSetup "pki_user_cli_user_cert-add-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
local cert_info="$TmpDir/cert_info"
user1=testuser1
user2=testuser2
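Review bot: The temporary-directory setup (`mktemp -d` plus `pushd $TmpDir`) now runs before the `if [ "$ca_instance_created" = "TRUE" ]` check, but the matching `popd` and `rm -r $TmpDir` appear to stay inside the TRUE branch. That is judged from the cert-find and cert-show scripts in this commit, where the cleanup sits just before `else`. When the CA instance is not installed, the function would leave the directory behind and an extra entry on the directory stack. Adding `rlRun "popd"` and `rlRun "rm -r $TmpDir"` to the `else` branch beside `rlLog "CA instance not installed"` would balance it. The same reordering is made in the user-add, cert, cert-delete, cert-find, cert-show, user-del and user-find CA scripts; the function body continues outside this hunk.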
@@ -2651,7 +2651,7 @@ rlPhaseEnd
# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
#rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 3 ] ; do
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-ca.sh
index 4c24bb7fa..25c1db37a 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-ca.sh
@@ -41,34 +41,37 @@
# pki user-cert ran without any options should show all the command line options of pki cert
run_pki-user-cert()
{
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-ca_instance_created="False"
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ rlPhaseStartSetup "Create Temporary Directory "
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
fi
-else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
-fi
-SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
if [ "$ca_instance_created" = "TRUE" ] ; then
- rlPhaseStartSetup "Create Temporary Directory "
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
rlPhaseStartTest "pki_user_cli_user_cert-CA-001: pki user-cert help option"
local temp_out="$TmpDir/pki_user-cert"
rlLog "Executing pki user-cert --help"
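Review bot: The first `get_topo_stack $MYROLE $TmpDir/topo_file` and `local CA_INST=…` pair runs before the setup phase assigns `TmpDir`. On that call `$TmpDir` is either empty, so the path becomes `/topo_file`, or holds whatever an earlier test function left in it, since `TmpDir` is never declared local in these hunks. The identical pair is repeated right after `rlPhaseEnd`, where the directory exists, so the first two lines can simply be deleted. The function body continues outside this hunk.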
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
index 87f0cbc44..be078f0e0 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
@@ -42,35 +42,37 @@
#pki-user-cli-role-user-create-tests should be first executed prior to pki-user-cli-user-cert-delete-ca.sh
######################################################################################
run_pki-user-cli-user-cert-delete-ca_tests(){
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-ca_instance_created="False"
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
-else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
-fi
-
-SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-del-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-if [ "$ca_instance_created" = "TRUE" ] ; then
- ##### Create temporary directory to save output files #####
- rlPhaseStartSetup "pki_user_cli_user_cert-del-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+if [ "$ca_instance_created" = "TRUE" ] ; then
user1=testuser1
user2=testuser2
user1fullname="Test user1"
@@ -1007,7 +1009,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-delete-CA-0022: Add an Agent user agent
#===Deleting users===#
-rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 3 ] ; do
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh
index cf81b334b..bd7f1b81f 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-find-ca.sh
@@ -43,37 +43,37 @@
######################################################################################
run_pki-user-cli-user-cert-find-ca_tests(){
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-ca_instance_created="False"
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+
+ ####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-find-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
-else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
-fi
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
-SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
if [ "$ca_instance_created" = "TRUE" ] ; then
-
- #####Create temporary dir to save the output files #####
- rlPhaseStartSetup "pki_user_cli_user_cert-find-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
user1=testuser1
user2=testuser2
user1fullname="Test user1"
@@ -1063,7 +1063,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-CA-034: Find the certs of a user m
rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 4 ] ; do
@@ -1081,7 +1081,7 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
done
#Delete temporary directory
- rlRun "popd"
+ rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
else
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
index 34487da16..bce7c0906 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
@@ -43,36 +43,38 @@
######################################################################################
run_pki-user-cli-user-cert-show-ca_tests(){
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-ca_instance_created="False"
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
-else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
-fi
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
-SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-show-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-if [ "$ca_instance_created" = "TRUE" ] ; then
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
- ##### Create temporary directory to save output files #####
- rlPhaseStartSetup "pki_user_cli_user_cert-show-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+if [ "$ca_instance_created" = "TRUE" ] ; then
user1=testuser1
user2=testuser2
user1fullname="Test user1"
@@ -1095,7 +1097,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-show-CA-033: Show certs assigned to use
#===Deleting users===#
-rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 3 ] ; do
@@ -1117,6 +1119,6 @@ rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
else
- rlLog "CA instance not installed"
+ rlLog "CA instance not installed"
fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh
index a9c9147e7..d8f8c803a 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-del-ca.sh
@@ -47,31 +47,33 @@ run_pki-user-cli-user-del-ca_tests(){
SUBSYSTEM_TYPE=$2
MYROLE=$3
prefix=$subsystemId
- ca_instance_created="False"
- if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
- else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
- fi
- SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
- if [ "$ca_instance_created" = "TRUE" ] ; then
+ rlPhaseStartSetup "pki_user_cli_user_del-CA-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
- rlPhaseStartSetup "pki_user_cli_user_del-CA-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ if [ "$ca_instance_created" = "TRUE" ] ; then
rlPhaseStartTest "pki_user_cli_user_del-CA-ca-configtest-001: pki user-del --help configuration test"
rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help"
rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out"
@@ -665,7 +667,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_del-ROOTCA_cleanup: Deleting the temp directory"
+ rlPhaseStartCleanup "pki_user_cli_user_del-ROOTCA_cleanup: Deleting the temp directory"
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh
index 428d6e742..4bfc38b51 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh
@@ -47,22 +47,29 @@ run_pki-user-cli-user-find-ca_tests(){
subsystemId=$1
SUBSYSTEM_TYPE=$2
MYROLE=$3
- ca_instance_created="False"
- if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
- else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
- fi
+ # Creating Temporary Directory
+ rlPhaseStartSetup "pki user-find-ca Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
untrusted_cert_nickname=role_user_UTCA
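Review bot: All four branches now assign the identical `$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)`, so the lookup can be done once before the `if` and the branches left to choose `prefix` only. The two `else` arms also set `prefix=ROOTCA` or `prefix=$MYROLE` while the status is read for `CA_INST`. If those can name different instances, the tests would check one instance's status and then use certificates named after another prefix, which deserves a comment such as `# CA_INST is expected to equal the prefix chosen here` or an explicit check. The del, membership-add, membership-del, membership-find, mod and show CA hunks carry the same block.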
@@ -77,9 +84,7 @@ if [ "$ca_instance_created" = "TRUE" ] ; then
user6=abc?
user7=0
- rlPhaseStartSetup "pki_user_cli_user_find-ca-startup-addusers: Create temporary directory and add users"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
+ rlPhaseStartSetup "pki_user_cli_user_find-ca-startup-addusers: Add users for user_find test"
i=1
while [ $i -lt 25 ] ; do
rlRun "pki -d $CERTDB_DIR \
@@ -699,7 +704,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-ca-001_32_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_cleanup-021: Deleting users"
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users"
#===Deleting users created using ${prefix}_adminV cert===#
i=1
while [ $i -lt 27 ] ; do
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh
index 6046f1f56..478d7eb06 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-add-ca.sh
@@ -47,22 +47,30 @@ run_pki-user-cli-user-membership-add-ca_tests(){
subsystemId=$1
SUBSYSTEM_TYPE=$2
MYROLE=$3
- ca_instance_created="False"
- if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
- else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
- fi
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-add-CA-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
untrusted_cert_nickname=role_user_UTCA
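Review bot: `get_topo_stack $MYROLE $TmpDir/topo_file` runs right after a setup phase whose `mktemp -d` result is never checked. `rlRun` records the failure but the function keeps going, and with an empty `TmpDir` the unquoted path becomes `/topo_file` and `pushd` is called without a directory. Guard the value before first use, e.g. `[ -d "$TmpDir" ] || { rlFail "temp directory was not created"; return 1; }`, and quote the expansions: `get_topo_stack "$MYROLE" "$TmpDir/topo_file"`. The same sequence is added in the other CA hunks of this commit and in the KRA script.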
@@ -83,12 +91,6 @@ if [ "$ca_instance_created" = "TRUE" ] ; then
groupid12="Enterprise TKS Administrators"
groupid13="Enterprise RA Administrators"
groupid14="Enterprise TPS Administrators"
-
- rlPhaseStartSetup "pki_user_cli_user_membership-add-CA-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
rlPhaseStartTest "pki_user_cli_user_membership-add-CA-002: pki user-membership configuration test"
rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \
0 \
@@ -653,7 +655,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_membership-add-ca-cleanup-001: Deleting the temp directory and users"
+ rlPhaseStartCleanup "pki_user_cli_user_membership-add-ca-cleanup-001: Deleting the temp directory and users"
#===Deleting users created using CA_adminV cert===#
i=1
while [ $i -lt 17 ] ; do
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh
index e419c53bc..1dc7eefbd 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-del-ca.sh
@@ -44,23 +44,30 @@ run_pki-user-cli-user-membership-del-ca_tests(){
SUBSYSTEM_TYPE=$2
MYROLE=$3
prefix=$subsystemId
- ca_instance_created="False"
-
- if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
- else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
- fi
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-del-CA-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
if [ "$ca_instance_created" = "TRUE" ] ; then
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
@@ -81,12 +88,6 @@ run_pki-user-cli-user-membership-del-ca_tests(){
groupid12="Enterprise TKS Administrators"
groupid13="Enterprise RA Administrators"
groupid14="Enterprise TPS Administrators"
-
- rlPhaseStartTest "pki_user_cli_user_membership-del-CA-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
rlPhaseStartTest "pki_user_cli_user_membership-del-CA-002: pki user-membership-del --help configuration test"
rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \
0 \
@@ -751,7 +752,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Approve Certificate request using testuser1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_membership-del-ca-cleanup-001: Deleting the temp directory and users"
+ rlPhaseStartCleanup "pki_user_cli_user_membership-del-ca-cleanup-001: Deleting the temp directory and users"
#===Deleting users created using CA_adminV cert===#
i=1
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh
index f605edca6..4b566bb37 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-membership-find-ca.sh
@@ -47,22 +47,30 @@ run_pki-user-cli-user-membership-find-ca_tests(){
SUBSYSTEM_TYPE=$2
MYROLE=$3
prefix=$subsystemId
- ca_instance_created="False"
- if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
- else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
- fi
- else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
- fi
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-find-CA-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
if [ "$ca_instance_created" = "TRUE" ] ; then
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
@@ -84,12 +92,6 @@ run_pki-user-cli-user-membership-find-ca_tests(){
groupid12="Enterprise TKS Administrators"
groupid13="Enterprise RA Administrators"
groupid14="Enterprise TPS Administrators"
-
- rlPhaseStartTest "pki_user_cli_user_membership-find-CA-001: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
rlPhaseStartTest "pki_user_cli_user_membership-find-CA-002: pki user-membership-find --help configuration test"
rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \
0 \
@@ -271,6 +273,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
0 \
"Checking user-mambership to group "
rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out"
+ i=1
while [ $i -lt 15 ] ; do
eval gid=\$groupid$i
rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-002.out"
@@ -289,6 +292,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
0 \
"Checking user-membership to group"
rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out"
+ i=1
while [ $i -lt 15 ] ; do
eval gid=\$groupid$i
rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-start-003.out"
@@ -365,6 +369,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
user-membership-find userall --size=15 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out" 0 \
"user_membership-find with size parameter as 15"
rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out"
+ i=1
while [ $i -lt 15 ] ; do
eval gid=\$groupid$i
rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-009.out"
@@ -382,6 +387,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out" 0 \
"user_membership-find with size parameter as 100"
rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out"
+ i=1
while [ $i -lt 15 ] ; do
eval gid=\$groupid$i
rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ca-size-0010.out"
@@ -427,7 +433,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
0 \
"Find user-membership with -t ca option"
rlAssertGrep "14 entries matched" "$TmpDir/pki-user-membership-find-ca-018.out"
- i=0
+ i=1
while [ $i -lt 5 ] ; do
eval gid=\$groupid$i
rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-ca-018.out"
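Review bot: With `i=1` the loop no longer greps for an empty `groupid0`, but `while [ $i -lt 5 ]` still checks only `groupid1` to `groupid4`, although the assertion just above expects "14 entries matched" and the sibling loops in this file use `-lt 15`. If the `-t ca` output is meant to list all 14 groups, the bound should be `while [ $i -lt 15 ] ; do`; if four is intentional, say so in a comment such as `# only the first four groups are checked here`. The loop body continues outside the hunk.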
@@ -628,7 +634,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
0 \
"Find user-membership with group \"dadministʁasjɔ̃\""
rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ca-031_3.out"
- rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ca-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ca-031_3.out"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_membership-find-CA-031: Find user-membership for user fullname with i18n characters"
@@ -696,7 +702,7 @@ run_pki-user-cli-user-membership-find-ca_tests(){
rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-ca-033_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_membership-find-ca-cleanup-001: Deleting the temp directory and users"
+ rlPhaseStartCleanup "pki_user_cli_user_membership-find-ca-cleanup-001: Deleting the temp directory and users"
#===Deleting users created using CA_adminV cert===#
i=1
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh
index b1bf013bc..7669b0d49 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-mod-ca.sh
@@ -49,38 +49,38 @@
########################################################################
run_pki-user-cli-user-mod-ca_tests(){
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-ca_instance_created="False"
-if [ "$TOPO9" = "TRUE" ] ; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
-elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- prefix=$subsystemId
- ca_instance_created=$(eval echo \$${subsystemId}_INSTANCE_CREATED_STATUS)
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_user_cli_user_mod-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
else
- prefix=ROOTCA
- ca_instance_created=$ROOTCA_INSTANCE_CREATED_STATUS
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
fi
-else
- prefix=$MYROLE
- ca_instance_created=$(eval echo \$${MYROLE}_INSTANCE_CREATED_STATUS)
-fi
if [ "$ca_instance_created" = "TRUE" ] ; then
- SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
- untrusted_cert_db_location=$UNTRUSTED_CERT_DB_LOCATION
- untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD
-
-
- #####Create temporary dir to save the output files #####
- rlPhaseStartSetup "pki_user_cli_user_mod-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
+SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+untrusted_cert_db_location=$UNTRUSTED_CERT_DB_LOCATION
+untrusted_cert_db_password=$UNTRUSTED_CERT_DB_PASSWORD
user1=ca_agent2
user1fullname="Test ca agent"
user2=abcdefghijklmnopqrstuvwxyx12345678
@@ -541,7 +541,9 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-017:--phone with maximum length and s
-h $SUBSYSTEM_HOST \
-p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-add --fullName=test usr1"
- command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --phone='$randsym' usr1"
+ special_symbols="*$#"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-mod --phone='$randsym$special_symbols' usr1"
+ rlLog "Executing: $command"
errmsg="PKIException: LDAP error (21): error result"
errorcode=255
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using ${prefix}_adminV with maximum length --phone with character symbols in it"
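Review bot: In the added `special_symbols="*$#"` the double quotes let the shell expand `$#` to the function's argument count, so the value becomes `*` followed by a digit rather than the three symbols the test name promises; single quotes keep it literal: `special_symbols='*$#'`. The new `rlLog "Executing: $command"` also writes the `-c $CERTDB_DIR_PASSWORD` value into the test log, so consider logging the command with the password masked. How `verifyErrorMsg` re-parses `$command` is not visible here, so the literal `$` and `*` may need further escaping on that path.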
@@ -1017,7 +1019,7 @@ rlPhaseStartTest "pki_user_cli_user_mod-CA-044: Modify a user's email having i18
rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting role users"
i=1
while [ $i -lt 17 ] ; do
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh
index 37baae890..9b7e4ee45 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh
@@ -45,6 +45,36 @@
########################################################################
run_pki-user-cli-user-show-ca_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_user_cli_user_show-ca-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$MYROLE
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ca_instance_created" = "TRUE" ] ; then
#local variables
user1=ca_agent2
user1fullname="Test ca_agent"
@@ -54,39 +84,9 @@ run_pki-user-cli-user-show-ca_tests(){
user5=abc@
user6=abc?
user7=0
- subsystemId=$1
- SUBSYSTEM_TYPE=$2
- MYROLE=$3
- prefix=$subsystemId
-
- if [ "$TOPO9" = "TRUE" ] ; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
- prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
- elif [ "$MYROLE" = "MASTER" ] ; then
- if [[ $subsystemId == SUBCA* ]]; then
- ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
- prefix=$subsystemId
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
- else
- ADMIN_CERT_LOCATION=$ROOTCA_ADMIN_CERT_LOCATION
- prefix=ROOTCA
- CLIENT_PKCS12_PASSWORD=$ROOTCA_CLIENT_PKCS12_PASSWORD
- fi
- else
- ADMIN_CERT_LOCATION=$(eval echo \$${MYROLE}_ADMIN_CERT_LOCATION)
- prefix=$MYROLE
- CLIENT_PKCS12_PASSWORD=$(eval echo \$${MYROLE}_CLIENT_PKCS12_PASSWORD)
- fi
-
SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
untrusted_cert_nickname=role_user_UTCA
- rlPhaseStartSetup "pki_user_cli_user_show-ca-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test"
rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
0 \
@@ -697,15 +697,15 @@ run_pki-user-cli-user-show-ca_tests(){
rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-ca-001_27.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-CA-025: --type Subsytem Group"
+ rlPhaseStartTest "pki_user_cli_user_show-CA-025: --type Subsystem Group"
rlRun "pki -d $CERTDB_DIR \
-n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
-h $SUBSYSTEM_HOST \
-p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
- user-add --fullName=test --type=\"Subsytem Group\" u18" \
+ user-add --fullName=test --type=\"Subsystem Group\" u18" \
0 \
- "Adding user using ${prefix}_adminV with --type Subsytem Group"
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
rlRun "pki -d $CERTDB_DIR \
-n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
@@ -717,7 +717,7 @@ run_pki-user-cli-user-show-ca_tests(){
rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-ca-001_28.out"
rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-ca-001_28.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_28.out"
- rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-show-ca-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-ca-001_28.out"
rlPhaseEnd
rlPhaseStartTest "pki_user_cli_user_show-CA-026: --type Security Domain Administrators"
@@ -1081,7 +1081,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-ca-001_57_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users"
del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user)
#===Deleting users created using ${prefix}_adminV cert===#
@@ -1118,4 +1118,7 @@ Import CA certificate (Y/n)? \"" >> $expfile
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "CA instance is not installed"
+ fi
}
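Review bot: The added `else` branch only logs, but this commit moved the setup phase (`mktemp -d`, `pushd $TmpDir`) in front of the `if`, while `popd` and `rm -r $TmpDir` stay inside the `if` branch just above. A run on a host without a CA instance therefore leaves the temporary directory (including `topo_file`) behind and the working directory changed. Either move the cleanup phase after `fi`, or repeat `rlRun "popd"` and `rlRun "rm -r $TmpDir"` inside an `rlPhaseStartCleanup` phase in the `else` path. The other CA scripts in this commit moved their setup phase the same way and their closing lines are outside the visible hunks, so they should be checked as well.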
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh
index 0ac74f6d3..fd63113de 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh
@@ -6,14 +6,14 @@
# Description: PKI user-add CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-add Add users to pki KRA subsystem.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Author: Asha Akkiangady <aakkiang@redhat.com>
+# Author: Asha Akkiangady <aakkiang@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
@@ -32,845 +32,701 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include rhts environment
-. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
. /opt/rhqa_pki/rhcs-shared.sh
. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/env.sh
-######################################################################################
-#pki-user-cli-user-kra.sh should be first executed prior to pki-user-cli-user-add-kra.sh
-#pki-user-cli-user-kra.sh
-######################################################################################
-
########################################################################
-# Test Suite Globals
+#create_role_users.sh should be first executed prior to pki-user-cli-user-add-kra.sh
########################################################################
+run_pki-user-cli-user-add-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-user1="kra_agent2"
-user1fullname="Test kra_agent"
-
-########################################################################
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
-run_pki-user-cli-user-add-kra_tests(){
- rlPhaseStartSetup "pki_user_cli_user_add-kra-startup:Getting nss certificate db "
- rlLog "Certificate directory = $CERTDB_DIR"
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test"
+ rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \
+ 0 \
+ "pki user --help"
+ rlAssertGrep "user-find Find users" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-show Show user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-add Add user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-mod Modify user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-del Remove user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out"
rlPhaseEnd
- #====Ticket corresponding to pki_user_cli_user_add-configtest : https://fedorahosted.org/pki/ticket/519=====#
+
rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test"
- rlRun "pki user-add > $TmpDir/pki_user_add_cfg.out" \
- 1 \
- "https://fedorahosted.org/pki/ticket/519"
- rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
+ rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-add --help"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out"
rlPhaseEnd
+
##### Tests to add KRA users using a user of admin group with a valid cert####
rlPhaseStartTest "pki_user_cli_user_add-KRA-001: Add a user to KRA using KRA_adminV"
+ user1=kra_agent2
+ user1fullname="Test kra_agent"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1" \
- 0 \
- "Add user $user1 to KRA_adminV"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-show $user1"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-show $user1 > $TmpDir/pki-user-add-kra-001.out" \
- 0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-kra-001.out"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -t kra -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-001.out" 0 "Add user $user1 to KRA_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-kra-001.out"
rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-kra-001.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-kra-001.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_1:maximum length of user id "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abcdefghijklmnopqrstuvwxyx12345678 " \
- 0 \
- "Added user using KRA_adminV with maximum user id length"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog "user2=$user2"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abcdefghijklmnopqrstuvwxyx12345678 > $TmpDir/pki-user-add-kra-001_1.out" \
- 0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"abcdefghijklmnopqrstuvwxyx12345678\"" "$TmpDir/pki-user-add-kra-001_1.out"
- rlAssertGrep "User ID: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-kra-001_1.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-kra-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-user-add-kra-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_1.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abcdefghijklmnopqrstuvwxyx12345678 " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_2:User id with # character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc# " \
- 0 \
- "Added user using KRA_adminV, user id with # character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-003:User id with # character"
+ user3=abc#
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc# > $TmpDir/pki-user-add-kra-001_2.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user3 > $TmpDir/pki-user-add-kra-001_2.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"abc#\"" "$TmpDir/pki-user-add-kra-001_2.out"
- rlAssertGrep "User ID: abc#" "$TmpDir/pki-user-add-kra-001_2.out"
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-user-add-kra-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-add-kra-001_2.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_2.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc# " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_3:User id with $ character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc$ " \
- 0 \
- "Added user using KRA_adminV, user id with $ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-004:User id with $ character"
+ user4=abc$
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc$ > $TmpDir/pki-user-add-kra-001_3.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user4 > $TmpDir/pki-user-add-kra-001_3.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"abc$\"" "$TmpDir/pki-user-add-kra-001_3.out"
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-user-add-kra-001_3.out"
rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-add-kra-001_3.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_3.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc$ " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_4:User id with @ character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc@ " \
- 0 \
- "Added user using KRA_adminV, user id with @ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-005:User id with @ character"
+ user5=abc@
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc@ > $TmpDir/pki-user-add-kra-001_4.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user5 > $TmpDir/pki-user-add-kra-001_4.out " \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"abc@\"" "$TmpDir/pki-user-add-kra-001_4.out"
- rlAssertGrep "User ID: abc@" "$TmpDir/pki-user-add-kra-001_4.out"
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-kra-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-kra-001_4.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_4.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc@ " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_5:User id with ? character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc? " \
- 0 \
- "Added user using KRA_adminV, user id with ? character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-006:User id with ? character"
+ user6=abc?
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc? > $TmpDir/pki-user-add-kra-001_5.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user6 > $TmpDir/pki-user-add-kra-001_5.out " \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"abc?\"" "$TmpDir/pki-user-add-kra-001_5.out"
- rlAssertGrep "User ID: abc?" "$TmpDir/pki-user-add-kra-001_5.out"
+ "Added user using ${prefix}_adminV, user id with ? character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-kra-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-kra-001_5.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_5.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc? " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_6:User id as 0"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test 0 " \
- 0 \
- "Added user using KRA_adminV, user id 0"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-007:User id as 0"
+ user7=0
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show 0 > $TmpDir/pki-user-add-kra-001_6.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user7 > $TmpDir/pki-user-add-kra-001_6.out " \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"0\"" "$TmpDir/pki-user-add-kra-001_6.out"
- rlAssertGrep "User ID: 0" "$TmpDir/pki-user-add-kra-001_6.out"
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-kra-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-kra-001_6.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_6.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del 0 " \
- 0 \
- "Delete user from KRA"
-
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_7:--email with maximum length "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678 a " \
- 0 \
- "Added user using KRA_adminV with maximum --email length"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show a > $TmpDir/pki-user-add-kra-001_7.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-user-add-kra-001_7.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"a\"" "$TmpDir/pki-user-add-kra-001_7.out"
- rlAssertGrep "User ID: a" "$TmpDir/pki-user-add-kra-001_7.out"
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-user-add-kra-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-user-add-kra-001_7.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_7.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-kra-001_7.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del a" \
- 0 \
- "Delete user from KRA"
+ actual_email_string=`cat $TmpDir/pki-user-add-kra-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_8:--email with maximum length and symbols "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678#?*@$ b " \
- 0 \
- "Added user using KRA_adminV with maximum --email length and character symbols in it"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show b > $TmpDir/pki-user-add-kra-001_8.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email='$email' u2 > $TmpDir/pki-user-add-kra-001_8.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"b\"" "$TmpDir/pki-user-add-kra-001_8.out"
- rlAssertGrep "User ID: b" "$TmpDir/pki-user-add-kra-001_8.out"
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-user-add-kra-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-user-add-kra-001_8.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_8.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-add-kra-001_8.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del b" \
- 0 \
- "Delete user from KRA"
+ actual_email_string=`cat $TmpDir/pki-user-add-kra-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_9:--email with # character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=# d " \
- 0 \
- "Added user using KRA_adminV with --email # character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-010:--email with # character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show d > $TmpDir/pki-user-add-kra-001_9.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=# u3 > $TmpDir/pki-user-add-kra-001_9.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"d\"" "$TmpDir/pki-user-add-kra-001_9.out"
- rlAssertGrep "User ID: d" "$TmpDir/pki-user-add-kra-001_9.out"
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-user-add-kra-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-user-add-kra-001_9.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_9.out"
rlAssertGrep "Email: #" "$TmpDir/pki-user-add-kra-001_9.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del d " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_10:--email with * character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=* e " \
- 0 \
- "Added user using KRA_adminV with --email * character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-011:--email with * character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show e > $TmpDir/pki-user-add-kra-001_10.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=* u4 > $TmpDir/pki-user-add-kra-001_10.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"e\"" "$TmpDir/pki-user-add-kra-001_10.out"
- rlAssertGrep "User ID: e" "$TmpDir/pki-user-add-kra-001_10.out"
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-user-add-kra-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-user-add-kra-001_10.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_10.out"
rlAssertGrep "Email: *" "$TmpDir/pki-user-add-kra-001_10.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del e " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_11:--email with $ character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=$ f " \
- 0 \
- "Added user using KRA_adminV with --email $ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-012:--email with $ character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show f > $TmpDir/pki-user-add-kra-001_11.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=$ u5 > $TmpDir/pki-user-add-kra-001_11.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"f\"" "$TmpDir/pki-user-add-kra-001_11.out"
- rlAssertGrep "User ID: f" "$TmpDir/pki-user-add-kra-001_11.out"
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-user-add-kra-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-user-add-kra-001_11.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_11.out"
rlAssertGrep "Email: \\$" "$TmpDir/pki-user-add-kra-001_11.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del f " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_12:--email as number 0 "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=0 z " \
- 0 \
- "Added user using KRA_adminV with --email 0"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-013:--email as number 0"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show z > $TmpDir/pki-user-add-kra-001_12.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=0 u6 > $TmpDir/pki-user-add-kra-001_12.out " \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"z\"" "$TmpDir/pki-user-add-kra-001_12.out"
- rlAssertGrep "User ID: z" "$TmpDir/pki-user-add-kra-001_12.out"
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-user-add-kra-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-user-add-kra-001_12.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_12.out"
rlAssertGrep "Email: 0" "$TmpDir/pki-user-add-kra-001_12.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del z" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_13:--state with maximum length "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678 h " \
- 0 \
- "Added user using KRA_adminV with maximum --state length"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show h > $TmpDir/pki-user-add-kra-001_13.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-user-add-kra-001_13.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"h\"" "$TmpDir/pki-user-add-kra-001_13.out"
- rlAssertGrep "User ID: h" "$TmpDir/pki-user-add-kra-001_13.out"
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-user-add-kra-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-user-add-kra-001_13.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_13.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-kra-001_13.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del h " \
- 0 \
- "Delete user from KRA"
+ actual_state_string=`cat $TmpDir/pki-user-add-kra-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-kra-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-kra-001_13.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_14:--state with maximum length and symbols "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678#?*@$ i " \
- 0 \
- "Added user using KRA_adminV with maximum --state length and character symbols in it"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show i > $TmpDir/pki-user-add-kra-001_14.out" \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state='$state' u8 > $TmpDir/pki-user-add-kra-001_14.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"i\"" "$TmpDir/pki-user-add-kra-001_14.out"
- rlAssertGrep "User ID: i" "$TmpDir/pki-user-add-kra-001_14.out"
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-user-add-kra-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-user-add-kra-001_14.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_14.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-add-kra-001_14.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del i " \
- 0 \
- "Delete user from KRA"
+ actual_state_string=`cat $TmpDir/pki-user-add-kra-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-kra-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-kra-001_14.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_15:--state with # character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=# j " \
- 0 \
- "Added user using KRA_adminV with --state # character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-016:--state with # character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show j > $TmpDir/pki-user-add-kra-001_15.out" \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state=# u9 > $TmpDir/pki-user-add-kra-001_15.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"j\"" "$TmpDir/pki-user-add-kra-001_15.out"
- rlAssertGrep "User ID: j" "$TmpDir/pki-user-add-kra-001_15.out"
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-kra-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-kra-001_15.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_15.out"
rlAssertGrep "State: #" "$TmpDir/pki-user-add-kra-001_15.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del j" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_16:--state with * character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=* k " \
- 0 \
- "Added user using KRA_adminV with --state * character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-017:--state with * character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show k > $TmpDir/pki-user-add-kra-001_16.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=* u10 > $TmpDir/pki-user-add-kra-001_16.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"k\"" "$TmpDir/pki-user-add-kra-001_16.out"
- rlAssertGrep "User ID: k" "$TmpDir/pki-user-add-kra-001_16.out"
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-kra-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-kra-001_16.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_16.out"
rlAssertGrep "State: *" "$TmpDir/pki-user-add-kra-001_16.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del k " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_17:--state with $ character "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=$ l " \
- 0 \
- "Added user using KRA_adminV with --state $ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-018:--state with $ character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show l > $TmpDir/pki-user-add-kra-001_17.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=$ u11 > $TmpDir/pki-user-add-kra-001_17.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"l\"" "$TmpDir/pki-user-add-kra-001_17.out"
- rlAssertGrep "User ID: l" "$TmpDir/pki-user-add-kra-001_17.out"
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-kra-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-kra-001_17.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_17.out"
rlAssertGrep "State: \\$" "$TmpDir/pki-user-add-kra-001_17.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del l " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_18:--state as number 0 "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=0 m " \
- 0 \
- "Added user using KRA_adminV with --state 0"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-019:--state as number 0"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show m > $TmpDir/pki-user-add-kra-001_18.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=0 u12 > $TmpDir/pki-user-add-kra-001_18.out " \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"m\"" "$TmpDir/pki-user-add-kra-001_18.out"
- rlAssertGrep "User ID: m" "$TmpDir/pki-user-add-kra-001_18.out"
+ "Added user using ${prefix}_adminV with --state 0"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-add-kra-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-add-kra-001_18.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_18.out"
rlAssertGrep "State: 0" "$TmpDir/pki-user-add-kra-001_18.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del m" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_19:--phone with maximum length "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678 n " \
- 0 \
- "Added user using KRA_adminV with maximum --phone length"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-show n > $TmpDir/pki-user-add-kra-001_19.out" \
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-020:--phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-user-add-kra-001_19.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"n\"" "$TmpDir/pki-user-add-kra-001_19.out"
- rlAssertGrep "User ID: n" "$TmpDir/pki-user-add-kra-001_19.out"
+ "Added user using ${prefix}_adminV with maximum --phone length"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-user-add-kra-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-user-add-kra-001_19.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_19.out"
- rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-kra-001_19.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del n " \
- 0 \
- "Delete user from KRA"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-kra-001_19.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_20:--phone with maximum length and symbols "
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-021:--phone with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ phone=$state$specialcharacters
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678#?*@$ o > $TmpDir/pki-user-add-kra-001_20.out 2>&1"\
- 1 \
- "Cannot add user using KRA_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_20.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-kra-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-kra-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_21:--phone with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-022:--phone with # character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=# p > $TmpDir/pki-user-add-kra-001_21.out 2>&1" \
- 1 \
- "Cannot add user using KRA_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_21.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-kra-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-kra-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_22:--phone with * character "
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-023:--phone with * character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=* q > $TmpDir/pki-user-add-kra-001_22.out 2>&1" \
- 1 \
- "Cannot add user using KRA_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_22.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-kra-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-kra-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_23:--phone with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-024:--phone with $ character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=$ r > $TmpDir/pki-user-add-kra-001_23.out 2>&1" \
- 1 \
- "Cannot add user using KRA_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_23.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-kra-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-kra-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-kra-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_24:--phone as negative number -1230 "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=-1230 s " \
- 0 \
- "Added user using KRA_adminV with --phone -1230"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-025:--phone as negative number -1230"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show s > $TmpDir/pki-user-add-kra-001_24.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-user-add-kra-001_24.out " \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"s\"" "$TmpDir/pki-user-add-kra-001_24.out"
- rlAssertGrep "User ID: s" "$TmpDir/pki-user-add-kra-001_24.out"
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-user-add-kra-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-user-add-kra-001_24.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_24.out"
rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-add-kra-001_24.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del s " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_25:--type as Auditors"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=Auditors t " \
- 0 \
- "Added user using KRA_adminV with --type Auditors"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-026:--type as Auditors"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show t > $TmpDir/pki-user-add-kra-001_25.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-user-add-kra-001_25.out" \
0 \
- "Show pki KRA_adminV user"
- rlAssertGrep "User \"t\"" "$TmpDir/pki-user-add-kra-001_25.out"
- rlAssertGrep "User ID: t" "$TmpDir/pki-user-add-kra-001_25.out"
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-kra-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-kra-001_25.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_25.out"
rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-add-kra-001_25.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del t " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_26:--type Data Recovery Manager Agents "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Certificate Manager Agents\" t" \
- 0 \
- "Added user using KRA_adminV --type Certificate Manager Agents"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-027:--type Certificate Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show t > $TmpDir/pki-user-add-kra-001_26.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-user-add-kra-001_26.out" \
0 \
- "Show pki KRA user"
- rlAssertGrep "User \"t\"" "$TmpDir/pki-user-add-kra-001_26.out"
- rlAssertGrep "User ID: t" "$TmpDir/pki-user-add-kra-001_26.out"
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-user-add-kra-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-user-add-kra-001_26.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_26.out"
rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-add-kra-001_26.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del t " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_27:--type Registration Manager Agents "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Registration Manager Agents\" u " \
- 0 \
- "Added user using KRA_adminV with --type Registration Manager Agents"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-028:--type Registration Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show u > $TmpDir/pki-user-add-kra-001_27.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-user-add-kra-001_27.out" \
0 \
- "Show pki KRA user"
- rlAssertGrep "User \"u\"" "$TmpDir/pki-user-add-kra-001_27.out"
- rlAssertGrep "User ID: u" "$TmpDir/pki-user-add-kra-001_27.out"
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-user-add-kra-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-user-add-kra-001_27.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_27.out"
rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-add-kra-001_27.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del u" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_28:--type Subsytem Group "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Subsytem Group\" v " \
- 0 \
- "Added user using KRA_adminV with --type Subsytem Group"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-029:--type Subsytem Group"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show v > $TmpDir/pki-user-add-kra-001_28.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-user-add-kra-001_28.out" \
0 \
- "Show pki KRA user"
- rlAssertGrep "User \"v\"" "$TmpDir/pki-user-add-kra-001_28.out"
- rlAssertGrep "User ID: v" "$TmpDir/pki-user-add-kra-001_28.out"
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-user-add-kra-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-user-add-kra-001_28.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_28.out"
rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-add-kra-001_28.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del v" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_29:--type Security Domain Administrators "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Security Domain Administrators\" w " \
- 0 \
- "Added user using KRA_adminV with --type Security Domain Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-030:--type Security Domain Administrators"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show w > $TmpDir/pki-user-add-kra-001_29.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-user-add-kra-001_29.out" \
0 \
- "Show pki KRA user"
- rlAssertGrep "User \"w\"" "$TmpDir/pki-user-add-kra-001_29.out"
- rlAssertGrep "User ID: w" "$TmpDir/pki-user-add-kra-001_29.out"
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-kra-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-kra-001_29.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_29.out"
rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-add-kra-001_29.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del w" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_30:--type ClonedSubsystems "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=ClonedSubsystems x " \
- 0 \
- "Added user using KRA_adminV with --type ClonedSubsystems"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-031:--type ClonedSubsystems"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show x > $TmpDir/pki-user-add-kra-001_30.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-user-add-kra-001_30.out" \
0 \
- "Show pki KRA user"
- rlAssertGrep "User \"x\"" "$TmpDir/pki-user-add-kra-001_30.out"
- rlAssertGrep "User ID: x" "$TmpDir/pki-user-add-kra-001_30.out"
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-kra-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-kra-001_30.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_30.out"
rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-add-kra-001_30.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del x " \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-001_31:--type Trusted Managers "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Trusted Managers\" y " \
- 0 \
- "Added user using KRA_adminV with --type Trusted Managers"
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-032:--type Trusted Managers"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show y > $TmpDir/pki-user-add-kra-001_31.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-user-add-kra-001_31.out" \
0 \
- "Show pki KRA user"
- rlAssertGrep "User \"y\"" "$TmpDir/pki-user-add-kra-001_31.out"
- rlAssertGrep "User ID: y" "$TmpDir/pki-user-add-kra-001_31.out"
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-user-add-kra-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-user-add-kra-001_31.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_31.out"
rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-add-kra-001_31.out"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del y " \
- 0 \
- "Delete user from KRA"
- rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-002: Add a duplicate user to KRA"
- command="pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-kra-002.out 2>&1 "
-
- rlLog "Command=$command"
- expmsg="ConflictingOperationException: Entry already exists."
- rlRun "$command" 1 "Add duplicate user"
- rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-kra-002.out"
- rlLog "Clean-up:"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del $user1" \
- 0 \
- "Delete user from KRA"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-003: Add a user to KRA with -t option"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-add --fullName=\"$user1fullname\" $user1"
-
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-033:--type Dummy Group"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-003.out" \
- 0 \
- "Add user $user1 to KRA"
- rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-kra-003.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-kra-003.out"
- rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-kra-003.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-show $user1 > $TmpDir/pki-user-add-kra-003_1.out" \
- 0 \
- "Show pki KRA user"
- rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-kra-003_1.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-kra-003_1.out"
- rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-kra-003_1.out"
- rlLog "Clean-up:"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-del $user1" \
- 0 \
- "Delete user from KRA"
+ user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-user-add-kra-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-user-add-kra-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-user-add-kra-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-user-add-kra-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-user-add-kra-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-kra-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_add-KRA-004: Add a user -- missing required option user id"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-034: Add a duplicate user to KRA"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- user-add --fullName=\"$user1fullname\" "
+ user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-kra-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-kra-002.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-036: Add a user -- missing required option user id"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-kra-004.out" \
- 1\
+ 255 \
"Add user -- missing required option user id"
- rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki-user-add-kra-004.out"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-kra-004.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-005: Add a user -- missing required option --fullName"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-037: Add a user -- missing required option --fullName"
command="pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
user-add $user1 > $TmpDir/pki-user-add-kra-005.out 2>&1"
- expmsg="Error: Missing required option: fullName"
- rlLog "Executing: $command"
- rlRun "$command" 1 "Add a user -- missing required option --fullName"
- rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-kra-005.out"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-006: Add a user -- all options provided"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-038: Add a user -- all options provided"
email="kra_agent2@myemail.com"
user_password="agent2Password"
phone="1234567890"
state="NC"
type="Administrators"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
user-add --fullName=\"$user1fullname\" \
--email $email \
@@ -878,11 +734,13 @@ run_pki-user-cli-user-add-kra_tests(){
--phone $phone \
--state $state \
--type $type \
- $user1"
+ u23"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
user-add --fullName=\"$user1fullname\" \
--email $email \
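Review bot: The added `-p $(eval echo \$${subsystemId}_UNSECURE_PORT)` line in this `rlRun` string uses `eval` for variable indirection and is expanded unquoted while the command string is being built. An empty or unexpected `subsystemId` therefore either leaves `-p` without a value or has its contents re-parsed by the shell. Since BeakerLib tests run under bash, I would resolve the port once near the top of the function with `port_var="${subsystemId}_UNSECURE_PORT"` and `kra_port="${!port_var}"`, then pass `-p $kra_port` here. The same line recurs in the hunks that follow (the later `user-add`, `group-member-add` and `group-member-find` calls). The enclosing function `run_pki-user-cli-user-add-kra_tests` begins outside this hunk, so where `subsystemId` is set is not visible from here.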
@@ -890,79 +748,52 @@ run_pki-user-cli-user-add-kra_tests(){
--phone $phone \
--state $state \
--type $type \
- $user1 > $TmpDir/pki-user-add-kra-006_1.out" \
+ u23 > $TmpDir/pki-user-add-kra-006_1.out" \
0 \
- "Add user $user1 to KRA -- all options provided"
- rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-kra-006_1.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-kra-006_1.out"
+ "Add user u23 to KRA -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-user-add-kra-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-add-kra-006_1.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-kra-006_1.out"
rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-kra-006_1.out"
rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-kra-006_1.out"
rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-kra-006_1.out"
rlAssertGrep "State: $state" "$TmpDir/pki-user-add-kra-006_1.out"
+ rlPhaseEnd
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-show $user1 > $TmpDir/pki-user-add-kra-006.out" \
- 0 \
- "Show pki KRA user"
-
- rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-kra-006.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-kra-006.out"
- rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-kra-006.out"
- rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-kra-006.out"
- rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-kra-006.out"
- rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-kra-006.out"
- rlAssertGrep "State: $state" "$TmpDir/pki-user-add-kra-006.out"
- rlLog "Clean-up:"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-del $user1" \
- 0 \
- "Delete user from KRA"
-
- rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_add-KRA-007: Add user to multiple groups"
- user=multigroup_user
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-039: Add user to multiple groups"
+ user=u24
userfullname="Multiple Group User"
email="multiplegroup@myemail.com"
user_password="admin2Password"
phone="1234567890"
state="NC"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-add --fullName=\"$userfullname\" \
- --email $email \
- --password $user_password \
- --phone $phone \
- --state $state \
- $user"
-
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
user-add --fullName=\"$userfullname\" \
--email $email \
--password $user_password \
--phone $phone \
--state $state \
- $user" \
+ $user > $TmpDir/pki-user-add-kra-006.out " \
0 \
- "Add user $user using KRA_adminV"
-
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-kra-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-kra-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-kra-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-kra-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-kra-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-kra-006.out"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- group-add-member Administrators $user > $TmpDir/pki-user-add-kra-007_1.out" \
+ group-member-add Administrators $user > $TmpDir/pki-user-add-kra-007_1.out" \
0 \
"Add user $user to Administrators group"
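Review bot: The new `rlAssertGrep` lines on `pki-user-add-kra-006.out` check that the name, e-mail, phone and state of the user created with `--password $user_password` are echoed back, but nothing checks that the password is not. A negative assertion such as `rlAssertNotGrep "$user_password" "$TmpDir/pki-user-add-kra-006.out"` would catch a CLI regression that prints the credential into the test logs. This hunk also drops the `user-del` clean-up, so `u23` and `u24` (the latter added to Administrators at the end of the hunk) stay on the instance unless a later phase outside this hunk removes them, which is worth confirming. The enclosing function starts and ends outside the hunk.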
@@ -970,220 +801,747 @@ run_pki-user-cli-user-add-kra_tests(){
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-kra-007_1.out"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- group-find-member Administrators > $TmpDir/pki-user-add-kra-007.out" \
+ group-member-find Administrators > $TmpDir/pki-user-add-kra-007.out" \
0 \
- "Show pki group-find-member Administrators"
+ "Show pki group-member-find Administrators"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- group-add-member \"Certificate Manager Agents\" $user > $TmpDir/pki-user-add-kra-007_1_1.out" \
+ group-member-add \"Data Recovery Manager Agents\" $user > $TmpDir/pki-user-add-kra-007_1_1.out" \
0 \
- "Add user $user to Administrators group"
+ "Add user $user to Data Recovery Manager Agents group"
rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-kra-007_1_1.out"
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-kra-007_1_1.out"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- group-find-member \"Certificate Manager Agents\" > $TmpDir/pki-user-add-kra-007_2.out" \
+ group-member-find \"Data Recovery Manager Agents\" > $TmpDir/pki-user-add-kra-007_2.out" \
0 \
- "Show pki group-find-member Administrators"
+ "Show pki group-member-find Data Recovery Manager Agents"
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-kra-007_2.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t kra \
- user-del $user" \
- 0 \
- "Delete user $user "
-
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-008: Add user with --password "
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-040: Add user with --password less than 8 characters"
userpw="pass"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-kra-008.out 2>&1"
expmsg="PKIException: The password must be at least 8 characters"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-kra-008.out 2>&1" \
- 1 \
+ 255 \
"Add a user --must be at least 8 characters --password"
rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-kra-008.out"
-
rlPhaseEnd
##### Tests to add users using revoked cert#####
- rlPhaseStartTest "pki_user_cli_user_add-KRA-009: Cannot add user using a revoked cert KRA_adminR"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-041: Should not be able to add user using a revoked cert KRA_adminR"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminR \
+ -n ${prefix}_adminR \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-revoke-adminR-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a user having revoked cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-kra-revoke-adminR-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-kra-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-009_1: Cannot add user using a agent or a revoked cert KRA_agentR"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-042: Should not be able to add user using a agent with revoked cert KRA_agentR"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_agentR \
+ -n ${prefix}_agentR \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-revoke-agentR-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a user having revoked cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-kra-revoke-agentR-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-kra-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
rlPhaseEnd
##### Tests to add users using an agent user#####
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0010: Cannot add user using a KRA_agentV user"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_agentV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-043: Should not be able to add user using a valid agent KRA_agentV user"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_agentV \
+ -n ${prefix}_agentV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-agentV-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-kra-agentV-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-kra-agentV-002.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0011: Cannot add user using a KRA_agentR user"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-agentR-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-kra-agentR-002.out"
+ ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-044: Should not be able to add user using a KRA_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-kra-agentUTCA-002.out"
rlPhaseEnd
+
##### Tests to add users using expired cert#####
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0012: Cannot add user using a KRA_adminE cert"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminE \
- -c $CERTDB_DIR_PASSWORD \
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-045: Should not be able to add user using admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminE \
+ -n ${prefix}_adminE \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-adminE-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "RuntimeException: java.io.IOException: SocketException cannot read on socket" "$TmpDir/pki-user-add-kra-adminE-002.out"
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-kra-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-kra-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0013: Cannot add user using a KRA_agentE cert"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-046: Should not be able to add user using KRA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_agentE \
+ -n ${prefix}_agentE \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_agentE \
+ -n ${prefix}_agentE \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-agentE-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "RuntimeException: java.io.IOException: SocketException cannot read on socket" "$TmpDir/pki-user-add-kra-agentE-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-kra-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-kra-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
rlPhaseEnd
##### Tests to add users using audit users#####
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0012: Cannot add user using a KRA_auditV"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_auditV \
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-047: Should not be able to add user using a KRA_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_auditV \
+ -n ${prefix}_auditV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-auditV-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a audit cert"
- rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-kra-auditV-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-kra-auditV-002.out"
rlPhaseEnd
- ##### Tests to add users using operator user###
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0013: Cannot add user using a KRA_operatorV"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_operatorV \
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-048: Should not be able to add user using a KRA_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-kra-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-049: Should not be able to add user using a cert created from a untrusted KRA KRA_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-kra-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test \"$user_length_exceed_max\""
rlRun "pki -d $CERTDB_DIR \
- -n KRA_operatorV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-operatorV-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a operator cert"
- rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-kra-operatorV-002.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-kra-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-kra-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-kra-001_50.out"
rlPhaseEnd
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-051: fullname with i18n characters"
+ rlLog "user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-user-add-kra-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-user-add-kra-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-add-kra-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-add-kra-001_51.out"
+ rlPhaseEnd
- ##### Tests to add users using KRA_adminUTKRA and KRA_agentUTKRA user's certificate will be issued by an untrusted KRA users#####
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0014: Cannot add user using a KRA_adminUTKRA"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-052: fullname with i18n characters"
+ rlLog "user-add fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u27 > $TmpDir/pki-user-add-kra-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-user-add-kra-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-user-add-kra-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-add-kra-001_52.out"
+ rlPhaseEnd
- rlLog "Executing: pki -d /tmp/untrusted_cert_db \
- -n KRA_adminUTKRA \
- -c Password \
- user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d /tmp/untrusted_cert_db \
- -n KRA_adminUTKRA \
- -c Password \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-adminUTKRA-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a untrusted cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-kra-adminUTKRA-002.out"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-053: fullname with i18n characters"
+ rlLog "user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-user-add-kra-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-user-add-kra-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-kra-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-user-add-kra-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u28 > $TmpDir/pki-user-add-kra-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-user-add-kra-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-kra-001_53_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-KRA-0014: Cannot add user using a KRA_agentUTKRA"
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-054: fullname with i18n characters"
+ rlLog "user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-user-add-kra-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-user-add-kra-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-kra-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u29 > $TmpDir/pki-user-add-kra-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-user-add-kra-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-kra-001_54_2.out"
+ rlPhaseEnd
- rlLog "Executing: pki -d /tmp/untrusted_cert_db \
- -n KRA_agentUTKRA \
- -c Password \
- user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d /tmp/untrusted_cert_db \
- -n KRA_agentUTKRA \
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-055: fullname with i18n characters"
+ rlLog "user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-user-add-kra-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-user-add-kra-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-kra-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u30 > $TmpDir/pki-user-add-kra-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-user-add-kra-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-kra-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-056: user id with i18n characters"
+ rlLog "user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-057: userid with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-058: email address with i18n characters"
+ rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t kra user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-059: email address with i18n characters"
+ rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="IncorrectPasswordException: Incorrect client security database password."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-060: password with i18n characters"
+ rlLog "user-add password šimtaskolmkümmend with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-user-add-kra-001_60.out 2>&1" \
+ 0 \
+ "Adding password šimtaskolmkümmend with i18n characters"
+ rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-user-add-kra-001_60.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u31 > $TmpDir/pki-user-add-kra-001_60_2.out" \
+ 0 \
+ "Show user u31 with password šimtaskolmkümmend in i18n characters"
+ rlAssertGrep "User \"u31\"" "$TmpDir/pki-user-add-kra-001_60_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-061: password with i18n characters"
+ rlLog "user-add password двадцяттридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-user-add-kra-001_61.out 2>&1" \
+ 0 \
+ "Adding password двадцяттридцять with i18n characters"
+ rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-user-add-kra-001_61.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u32 > $TmpDir/pki-user-add-kra-001_61_2.out" \
+ 0 \
+ "Show user u32 with password двадцяттридцять in i18n characters"
+ rlAssertGrep "User \"u32\"" "$TmpDir/pki-user-add-kra-001_61_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-062: type with i18n characters"
+ rlLog "user-add type tjugo-tvåhetvenhét with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-user-add-kra-001_62.out 2>&1" \
+ 0 \
+ "Adding type tjugo-tvåhetvenhét with i18n characters"
+ rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-user-add-kra-001_62.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-kra-001_62.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u33 > $TmpDir/pki-user-add-kra-001_62_2.out" \
+ 0 \
+ "Show user u33 with type tjugo-tvåhetvenhét in i18n characters"
+ rlAssertGrep "User \"u33\"" "$TmpDir/pki-user-add-kra-001_62_2.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-kra-001_62_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-063: type with i18n characters"
+ rlLog "user-add type мiльйонтридцять with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type='мiльйонтридцять' u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-user-add-kra-001_63.out 2>&1" \
+ 0 \
+ "Adding type мiльйонтридцять with i18n characters"
+ rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-user-add-kra-001_63.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-kra-001_63.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u34 > $TmpDir/pki-user-add-kra-001_63_2.out" \
+ 0 \
+ "Show user u34 with type мiльйонтридцять in i18n characters"
+ rlAssertGrep "User \"u34\"" "$TmpDir/pki-user-add-kra-001_63_2.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-kra-001_63_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-064: state with i18n characters"
+ rlLog "user-add state čå with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state='čå' u35 > $TmpDir/pki-user-add-kra-001_64.out 2>&1" \
+ 0 \
+ "Adding state 'čå' with i18n characters"
+ rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-user-add-kra-001_64.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-kra-001_64.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u35 > $TmpDir/pki-user-add-kra-001_64_2.out" \
+ 0 \
+ "Show user u35 with state čå in i18n characters"
+ rlAssertGrep "User \"u35\"" "$TmpDir/pki-user-add-kra-001_64_2.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-kra-001_64_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-065: state with i18n characters"
+ rlLog "user-add state йč with i18n characters"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state='йč' u36 > $TmpDir/pki-user-add-kra-001_65.out 2>&1" \
+ 0 \
+ "Adding state 'йč' with i18n characters"
+ rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-user-add-kra-001_65.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-kra-001_65.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u36 > $TmpDir/pki-user-add-kra-001_65_2.out" \
+ 0 \
+ "Show user u36 with state йč in i18n characters"
+ rlAssertGrep "User \"u36\"" "$TmpDir/pki-user-add-kra-001_65_2.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-kra-001_65_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-066: Should not be able to add user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
-c Password \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-kra-agentUTKRA-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a untrusted cert"
- rlAssertGrep "RuntimeException: java.net.SocketException: Object not found: org.mozilla.jss.crypto.ObjectNotFoundException" "$TmpDir/pki-user-add-kra-agentUTKRA-002.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user u39"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-kra-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-kra-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-067: Should not be able to add user using Normal user credential"
+ local pki_user="idm1_user_1"
+ local pki_user_fullName="Idm1 User 1"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t kra \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t kra \
+ user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authentication method not allowed."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-KRA-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t kra \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t kra \
+ user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del '$usr' > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-user-del-kra-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+ expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del $pki_user > $TmpDir/pki-user-del-user-kra-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-user-del-user-kra-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "KRA instance not created."
+ fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
index 94186d5d0..507ba96d0 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
@@ -49,12 +49,33 @@
########################################################################
run_pki-user-cli-user-cert-add-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-CA_HOST=$5
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
KRA_HOST=$(eval echo \$${MYROLE})
KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
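Review bot: The added `kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)` lines pass `eval` a value cut out of `$TmpDir/topo_file`, so whatever `get_topo_stack` writes there is parsed a second time as shell code. Bash indirect expansion reads the same variable without that second parse: `status_var="${KRA_INST}_INSTANCE_CREATED_STATUS"; kra_instance_created="${!status_var}"`. The identical block is added to the cert-delete, cert-find and cert-show scripts in this commit. The function body continues outside this hunk.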
@@ -89,7 +110,7 @@ ROOTCA_agent_user=${caId}_agentV
##### Add one cert to a user #####
-rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002-tier1: Add one cert to a user should succeed"
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-002: Add one cert to a user should succeed"
rlRun "pki -d $CERTDB_DIR \
-n $(eval echo \$${subsystemId}_adminV_user) \
-c $CERTDB_DIR_PASSWORD \
@@ -404,7 +425,7 @@ rlPhaseEnd
##### Add one cert to a user - User ID missing #####
-rlPhaseStartTest "pki_user_cli_user_cert-add-kra-006-tier1: Add one cert to a user should fail when USER ID is missing"
+rlPhaseStartTest "pki_user_cli_user_cert-add-kra-006: Add one cert to a user should fail when USER ID is missing"
rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
@@ -437,7 +458,7 @@ rlPhaseEnd
##### Add one cert to a user - --input parameter missing #####
-rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-007-tier1: Add one cert to a user should fail when --input parameter is missing"
+rlPhaseStartTest "pki_kra_user_cli_kra_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing"
rlRun "pki -d $CERTDB_DIR \
-n $(eval echo \$${subsystemId}_adminV_user) \
-c $CERTDB_DIR_PASSWORD \
@@ -2229,7 +2250,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-add-kra-0036: Add one cert to a user wi
-t kra \
user-del $userid"
rlPhaseEnd
-#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification"
+#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-kra-0038: client cert authentication using cross certification"
# local userid="new_adminV"
# local username="NEW CA Admin User"
# cat /etc/redhat-release | grep "Fedora"
@@ -2345,7 +2366,7 @@ rlPhaseEnd
#rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_kra_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 3 ] ; do
@@ -2382,5 +2403,7 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+else
+ rlLog "KRA instance not installed"
+fi
}
-
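Review bot: The new `else` branch only logs, but the setup phase added ahead of the `if` has already run `mktemp -d` and `pushd $TmpDir`. The `popd` and `rm -r $TmpDir` sit in the cleanup phase inside the `if`, so on the not-installed path the temporary directory is left on disk and the directory stack stays pushed. Putting `rlRun "popd"` and `rlRun "rm -r $TmpDir" 0 "Removing tmp directory"` before the `rlLog` in the `else` branch covers that path. The `else` branches added at the end of the cert-delete and cert-find scripts have the same gap; the function starts outside this hunk.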
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
index 7ae62eb1e..cc8290df1 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
@@ -49,21 +49,36 @@
########################################################################
run_pki-user-cli-user-cert-delete-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-CA_HOST=$5
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
KRA_HOST=$(eval echo \$${MYROLE})
KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
- ##### Create temporary directory to save output files#####
- rlPhaseStartSetup "pki_user_cli_user_cert-del-kra-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
user1=testuser1
user2=testuser2
user1fullname="Test user1"
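Review bot: `local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)` hides the pipeline's exit status behind `local`, and the result of `get_topo_stack` is not checked. A missing or unparsable topo_file therefore leaves `KRA_INST` empty and the run drops into the "KRA instance not created" log, reporting no failure and looking the same as a genuine skip. A guard right after the assignment makes the difference visible: `[ -n "$KRA_INST" ] || rlFail "MY_KRA not found in $TmpDir/topo_file"`. The same lines are added in the cert-add and cert-find setup hunks; the function body continues outside this hunk.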
@@ -838,7 +853,7 @@ ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_kra_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 3 ] ; do
@@ -859,4 +874,7 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+else
+ rlLog "KRA instance not created"
+fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
index f3c1ff558..9b587fdc2 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
@@ -49,21 +49,36 @@
########################################################################
run_pki-user-cli-user-cert-find-kra_tests(){
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-CA_HOST=$5
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
KRA_HOST=$(eval echo \$${MYROLE})
KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
- #####Create temporary dir to save the output files#####
- rlPhaseStartSetup "pki_user_cli_user_cert-find-kra-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
user1=testuser1
user2=testuser2
user1fullname="Test user1"
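Review bot: All three branches of the `TOPO9`/`MYROLE` conditional assign the same `kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)`, so the `kra_instance_created="False"` default above them is always overwritten. The branches could set only `prefix`, with `kra_instance_created` assigned once after the `fi`. The default can then be dropped, or spelled `FALSE` to match the `TRUE` it is compared against. The same shape appears in the setup hunks of the other KRA scripts in this commit; the function body continues outside this hunk.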
@@ -1083,7 +1098,7 @@ rlPhaseStartTest "pki_user_cli_user_cert-find-kra-033: Find the certs of a user
rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_kra_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 4 ] ; do
@@ -1105,4 +1120,7 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+else
+ rlLog "KRA instance not created"
+fi
}
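Review bot: The new `else` branch only logs, so a run without a KRA instance leaves the temporary directory behind and the directory stack unbalanced. The first hunk of this file moved `mktemp -d` and `pushd $TmpDir` in front of the `if`, while `popd` and `rm -r $TmpDir` stay inside the TRUE branch. Either move the cleanup phase after `fi`, or add `rlRun "popd"` and `rlRun "rm -r $TmpDir" 0 "Removing tmp directory"` to the `else` branch. pki-user-cli-user-cert-show-kra.sh gets the same `else` at the end of its last hunk. The function body starts outside this hunk.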
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
index 9f380052f..6aa314600 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
@@ -49,22 +49,36 @@
########################################################################
run_pki-user-cli-user-cert-show-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-CA_HOST=$5
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$kra_instance_created" = "TRUE" ] ; then
KRA_HOST=$(eval echo \$${MYROLE})
KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
- ##### Create temporary directory to save output files #####
- rlPhaseStartSetup "pki_user_cli_user_cert-show-kra-startup: Create temporary directory"
- rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
- rlRun "pushd $TmpDir"
- rlPhaseEnd
-
user1=testuser1
user2=testuser2
user1fullname="Test user1"
@@ -86,8 +100,6 @@ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
ROOTCA_agent_user=${caId}_agentV
- ##### Tests to find certs assigned to KRA users ####
-
##### Show certs asigned to a user - valid Cert ID and User ID #####
rlPhaseStartTest "pki_user_cli_user_cert-show-kra-002: Show certs assigned to a user - valid UserID and CertID"
@@ -1075,7 +1087,7 @@ ROOTCA_agent_user=${caId}_agentV
rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_kra_user_cli_user_cleanup: Deleting role users"
j=1
while [ $j -lt 3 ] ; do
@@ -1097,4 +1109,7 @@ rlPhaseStartTest "pki_kra_user_cli_user_cleanup: Deleting role users"
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+else
+ rlLog "KRA instance not created"
+fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh
index 9ea6d0f44..d60c7fee2 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh
@@ -3,10 +3,10 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-del CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-del Delete pki subsystem KRA users.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Author: Asha Akkiangady <aakkiang@redhat.com>
@@ -37,57 +37,695 @@
. /opt/rhqa_pki/rhcs-shared.sh
. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/env.sh
-
-
-########################################################################
-# Test Suite Globals
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-del.sh
########################################################################
run_pki-user-cli-user-del-kra_tests(){
- rlPhaseStartSetup "pki_user_cli_user_add-kra-startup:Getting the temp directory and nss certificate db "
- rlLog "nss_db directory = $TmpDir/nssdb"
- rlLog "temp directory = $CERTDB_DIR"
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-kra-configtest-001: pki user-del --help configuration test"
+ rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-kra-configtest-002: pki user-del configuration test"
+ rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out"
rlPhaseEnd
- rlPhaseStartCleanup "pki_user_cli_user_add-cleanup: Delete temp dir"
- del_user=($KRA_adminV_user $KRA_adminR_user $KRA_adminE_user $KRA_adminUTKRA_user $KRA_agentV_user $KRA_agentR_user $KRA_agentE_user $KRA_agentUTKRA_user $KRA_auditV_user $KRA_operatorV_user)
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-003: Delete valid users"
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ #positive test cases
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
- #===Deleting users created using KRA_adminV cert===#
+ #===Deleting users created using ${prefix}_adminV cert===#
i=1
while [ $i -lt 25 ] ; do
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user1-00$i.out" \
0 \
"Deleted user u$i"
- rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user1-00$i.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u$i"
+ errmsg="UserNotFoundException: User u$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
let i=$i+1
done
- #===Deleting users(symbols) created using KRA_adminV cert===#
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval usr=\$user$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user $usr"
+ let i=$i+1
+ done
+
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
j=1
while [ $j -lt 8 ] ; do
eval usr=\$user$j
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
- 0 \
- "Deleted user $usr"
- rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user2-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
let j=$j+1
done
- i=0
- while [ $i -lt ${#del_user[@]} ] ; do
- userid_del=${del_user[$i]}
- rlRun "pki -d $TmpDir/nssdb \
- -n \"$admin_cert_nickname\" \
- -c $nss_db_password \
- user-del $userid_del > $TmpDir/pki-user-del-kra-00$i.out" \
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-004: Case sensitive userid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user user_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del USER_ABC > $TmpDir/pki-user-del-kra-user-002_1.out" \
0 \
- "Deleted user $userid_del"
- rlAssertGrep "Deleted user \"$userid_del\"" "$TmpDir/pki-user-del-kra-00$i.out"
- let i=$i+1
- done
+ "Deleted user USER_ABC userid is not case sensitive"
+ rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-kra-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del > $TmpDir/pki-user-del-kra-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-kra-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-006: Maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-kra-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del \"$user2\" > $TmpDir/pki-user-del-kra-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-kra-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-007: userid with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ userid=$userid$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test '$userid' > $TmpDir/pki-user-add-kra-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del '$userid' > $TmpDir/pki-user-del-kra-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-kra-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show '$userid' > $TmpDir/pki-user-del-kra-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-user-del-kra-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test kra_agent"
+ email="kra_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-user-add-kra-008.out" \
+ 0 \
+ "Add user $user1 to KRA -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del $user1 > $TmpDir/pki-user-del-kra-user-008.out" \
+ 0 \
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-kra-user-008.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-kra-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u22 > $TmpDir/pki-user-del-kra-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t kra option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-kra-user-009.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-010: Should not be able to delete user using a revoked cert KRA_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-kra-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u23 > $TmpDir/pki-user-show-kra-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-kra-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-kra-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-kra-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-011: Should not be able to delete user using a agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u23 > $TmpDir/pki-user-show-kra-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-kra-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-kra-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-kra-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u23 > $TmpDir/pki-user-del-kra-002_2.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-012: Should not be able to delete user using a valid agent KRA_agentV user"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-user-add-kra-012.out" \
+ 0 \
+ "Add user u24 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-003.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-003.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-003.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-013: Should not be able to delete user using a admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-004.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-004.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-004.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-014: Should not be able to delete a user using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-005.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-005.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-005.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-015: Should not be able to delete user using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-016: Should not be able to delete user using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-kra-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-kra-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-009.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-009.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-009.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-kra-009.out"
+
+ #Cleanup:delete user u24
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u24 > $TmpDir/pki-user-del-kra-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-019: delete user name with i18n characters"
+ rlLog "user-add username ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-user-add-kra-001_19.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-kra-001_19.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-kra-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u19 > $TmpDir/pki-user-del-kra-001_19_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÖrjanÄke i18n characters"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-kra-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u19"
+ errmsg="UserNotFoundException: User u19 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-KRA-020: delete username with i18n characters"
+ rlLog "user-add username ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-user-add-kra-001_20.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-kra-001_20.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-kra-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u20 > $TmpDir/pki-user-del-kra-001_20_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÉricTêko i18n characters"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-kra-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u20"
+ errmsg="UserNotFoundException: User u20 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_del-kra_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh
index 791844fd1..bddad0be4 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh
@@ -3,13 +3,14 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-find CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-find To list users in KRA.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Author: Asha Akkiangady <aakkiang@redhat.com>
+# Authors: Laxmi Sunkara <lsunkara@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
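Review bot: The rewritten header still documents neither how the test function is called nor what it does to the host, and it is the only comment block a reader sees before the sourced libraries. Further down in this file, `run_pki-user-cli-user-find-kra_tests` reads five positional arguments (`subsystemId`, `SUBSYSTEM_TYPE`, `MYROLE`, `caId`, `CA_HOST`). The expired-certificate phases 025 and 026 move the system clock forward with `date --set='next day'` and back with `date --set='2 days ago'`, which normally requires root and leaves the clock skewed if a phase aborts between the two calls. After the `# pki-user-cli-user-find To list users in KRA.` line I would add `# Arguments: subsystemId SUBSYSTEM_TYPE MYROLE caId CA_HOST` and `# NOTE: changes the system date; run only on a disposable test host`.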
@@ -35,173 +36,769 @@
. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/env.sh
########################################################################
-# Test Suite Globals
+#create_role_users.sh should be first executed prior to pki-user-cli-user-find.sh
########################################################################
-user1="kra_agent2"
-user1fullname="Test kra_agent"
+run_pki-user-cli-user-find-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-########################################################################
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
-run_pki-user-cli-user-find-kra_tests(){
- rlPhaseStartSetup "pki_user_cli_user_find-startup: Getting nss certificate db"
- rlLog "Certificate directory = $CERTDB_DIR"
- rlPhaseEnd
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
+ user1=kra_agent2
+ user1fullname="Test kra_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
- rlPhaseStartTest "pki_user_cli_user_find-KRA-add: Add users to KRA"
+ rlPhaseStartSetup "pki_user_cli_user_find-kra-startup-addusers: Add users"
i=1
- while [ $i -le 5 ] ; do
- rlLog "Adding user user1$i"
- rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"fullname1$i\" user1$i > $TmpDir/pki-user-find-kra-a00$i.out 2>&1" \
- 0 \
- "Add user user1$i to KRA"
- rlAssertGrep "Added user \"user1$i\"" "$TmpDir/pki-user-find-kra-a00$i.out"
- rlAssertGrep "User ID: user1$i" "$TmpDir/pki-user-find-kra-a00$i.out"
- rlAssertGrep "Full name: fullname1$i" "$TmpDir/pki-user-find-kra-a00$i.out"
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_find-kra-001: Find 5 users, --size=5"
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-configtest-001: pki user-find --help configuration test"
+ rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help"
+ rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-configtest-002: pki user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find"
+ rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-003: Find 5 users, --size=5"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=5 > $TmpDir/pki-user-find-kra-001.out 2>&1" \
- 0 \
- "Found 5 users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=5 > $TmpDir/pki-user-find-kra-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-find-kra-001.out"
rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_find-kra-002: Find non user, --size=0"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-004: Find non user, --size=0"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=0 > $TmpDir/pki-user-find-kra-002.out 2>&1" \
- 0 \
- "Found no users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=0 > $TmpDir/pki-user-find-kra-002.out 2>&1" \
+ 0 \
+ "Found no users"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-kra-002.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-003: Find all users, maximum possible value as input"
- maximum_check=1000000
+ rlPhaseStartTest "pki_user_cli_user_find-kra-005: Find all users, large value as input"
+ large_num=1000000
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$maximum_check > $TmpDir/pki-user-find-kra-003.out 2>&1" \
- 0 \
- "All users"
- rlAssertGrep "Number of entries returned " "$TmpDir/pki-user-find-kra-003.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$large_num > $TmpDir/pki-user-find-kra-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-user-find-kra-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-004: Find users, check for negative input --size=-1"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=-1 > $TmpDir/pki-user-find-kra-004.out 2>&1" \
- 0 \
- "No users returned as the size entered is negative value"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-kra-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-user-find-kra-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-kra-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-kra-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=-1 > $TmpDir/pki-user-find-kra-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-kra-004.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-005: Find users for size input as noninteger, --size=abc"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-009: Find users for size input as noninteger, --size=abc"
size_noninteger="abc"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$size_noninteger > $TmpDir/pki-user-find-kra-005.out 2>&1"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$size_noninteger > $TmpDir/pki-user-find-kra-005.out 2>&1" \
- 1 \
- "Found 5 users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$size_noninteger > $TmpDir/pki-user-find-kra-005.out 2>&1" \
+ 255 \
+ "No users returned"
rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-kra-005.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-006: Find users, check for no input --size= "
+ rlPhaseStartTest "pki_user_cli_user_find-kra-010: Find users, check for no input --size="
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size= > $TmpDir/pki-user-find-kra-006.out 2>&1" \
- 1 \
- "No users returned, as --size= "
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size= > $TmpDir/pki-user-find-kra-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-kra-006.out"
rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_find-kra-007: Find users, --start=10 "
+ rlPhaseStartTest "pki_user_cli_user_find-kra-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find > $TmpDir/pki-user-find-kra-007_1.out 2>&1" \
+ 0 \
+ "Get all users in KRA"
+ user_entry_10=`cat $TmpDir/pki-user-find-kra-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=10 > $TmpDir/pki-user-find-kra-007.out 2>&1" \
- 0 \
- "Displays users from the 10th user and the next to the maximum 20 users, if available "
- rlAssertGrep "Number of entries returned " "$TmpDir/pki-user-find-kra-007.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=10 > $TmpDir/pki-user-find-kra-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat $TmpDir/pki-user-find-kra-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-kra-007.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-008: Find users, --start=10000, maximum possible input "
+ rlPhaseStartTest "pki_user_cli_user_find-kra-012: Find users, --start=10000, large possible input"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=10000 > $TmpDir/pki-user-find-kra-008.out 2>&1" \
- 0 \
- "No users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=10000 > $TmpDir/pki-user-find-kra-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-kra-008.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-009: Find users, --start=0"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-kra-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-kra-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=$maximum_check"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=0 > $TmpDir/pki-user-find-kra-009.out 2>&1" \
- 0 \
- "Displays from the zeroth user, maximum possible are 20 users in a page"
- rlAssertGrep "Number of entries returned" "$TmpDir/pki-user-find-kra-009.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-kra-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-kra-008_3.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-0010: Find users, --start=-1"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-015: Find users, --start=0"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=-1 > $TmpDir/pki-user-find-kra-0010.out 2>&1" \
- 0 \
- "Maximum possible 20 users are returned, starting from the zeroth user"
- rlAssertGrep "Number of entries returned" "$TmpDir/pki-user-find-kra-0010.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=0 > $TmpDir/pki-user-find-kra-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-kra-009.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-kra-0011: Find users for size input as noninteger, --start=abc"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=-1 > $TmpDir/pki-user-find-kra-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-user-find-kra-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-017: Find users for size input as noninteger, --start=abc"
size_noninteger="abc"
rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=$size_noninteger > $TmpDir/pki-user-find-kra-0011.out 2>&1" \
- 1 \
- "Incorrect input to find user"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=$size_noninteger > $TmpDir/pki-user-find-kra-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-kra-0011.out"
rlPhaseEnd
- rlPhaseStartTest "Cleanup: Delete the KRA users"
- i=1
- while [ $i -le 5 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n \"$KRA_adminV\" \
- -c $CERTDB_DIR_PASSWORD \
- user-del user1$i" \
- 0 \
- "Delete user user1$i"
+ rlPhaseStartTest "pki_user_cli_user_find-kra-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start= > $TmpDir/pki-user-find-kra-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-kra-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find > $TmpDir/pki-user-find-kra-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in KRA"
+ user_entry_12=`cat $TmpDir/pki-user-find-kra-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=12 --size=12 > $TmpDir/pki-user-find-kra-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-user-find-kra-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-find-kra-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find > $TmpDir/pki-user-find-kra-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in KRA"
+ user_entry_12=`cat $TmpDir/pki-user-find-kra-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=12 --size=0 > $TmpDir/pki-user-find-kra-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-kra-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-021: Should not be able to find user using a revoked cert KRA_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-022: Should not be able to find users using an agent with revoked cert KRA_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-023: Should not be able to find users using a valid agent KRA_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-kra-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-025: Should not be able to find users using admin user with expired cert KRA_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-kra-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-026: Should not be able to find users using KRA_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-kra-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-027: Should not be able to find users using a KRA_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-kra-auditV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-028: Should not be able to find users using a KRA_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-kra-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -t kra \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-kra-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ -t kra \
+ user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password -t kra user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-kra-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-kra-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-031: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-user-find-kra-001_31.out 2>&1" \
+ 0 \
+ "Adding fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-kra-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-kra-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-kra-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-kra-032: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-kra-001_32.out 2>&1" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-kra-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-kra-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-kra-001_32_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 27 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
let i=$i+1
done
- rlPhaseEnd
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
- rlPhaseStartCleanup "pki_user_cli_user_find-cleanup: Delete temp dir"
- rlLog "Deleting users created in the above tests"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh
new file mode 100755
index 000000000..772879209
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh
@@ -0,0 +1,871 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-add Add KRA user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-kra.sh
+######################################################################################
+
+########################################################################
+run_pki-user-cli-user-membership-add-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$kra_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="Data Recovery Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise KRA Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-002: pki user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-find Find user memberships" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-003: pki user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-add --help"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-004: pki user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-005: Add users to available groups using valid admin user KRA_adminV"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-kra-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-kra-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-kra-00$i.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-kra-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-kra-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-kra-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-kra-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-kra-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-006: Add a user to all available groups using KRA_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-kra-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-kra-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show userall > $TmpDir/pki-user-membership-add-user-show-kra-userall-001.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-add-user-show-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-show-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-show-kra-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-kra-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-kra-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-kra-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-kra-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-kra-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show user1 > $TmpDir/pki-user-membership-add-user-show-kra-user1-001.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-user-membership-add-user-show-kra-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-show-kra-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-kra-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-kra-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-kra-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD -t kra user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-kra-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD -t kra user-membership-add testuser1 \"$dummy_group\""
+ rlLog "Executing: $command"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-009: Should be able to user-membership-add user name with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='ÖrjanÄke' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='ÖrjanÄke' u9" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD -t kra user-membership-add u9 \"Administrators\""
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-kra-009_2.out" \
+ 0 \
+ "Adding user with fullname ÖrjanÄke to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-kra-009_2.out"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-kra-009_2.out"
+ rlLog "Check if the user is added to the group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminV -c $CERTDB_DIR_PASSWORD -t kra user-membership-find u9"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-kra-009_3.out" \
+ 0 \
+ "Check user with fullname ÖrjanÄke added to group Administrators"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-kra-009_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-010: Should be able to user-membership-add user to group id with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-kra-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-kra-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-kra-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-kra-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-kra-010_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-kra-010_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-kra-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u10 > $TmpDir/pki-user-membership-add-groupadd-find-kra-010_3.out" \
+ 0 \
+ "Check user ÉricTêko added to group dadministʁasjɔ̃"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-kra-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-011: Should not be able to user-membership-add using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminR -c $CERTDB_DIR_PASSWORD -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-012: Should not be able to user-membership-add using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert KRA_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-013: Should not be able to user-membership-add using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${KRA_INST}_adminE -c $CERTDB_DIR_PASSWORD -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert KRA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-014: Should not be able to user-membership-add using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using KRA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-015: Should not be able to user-membership-add using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using KRA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-016: Should not be able to user-membership-add using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${KRA_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using KRA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-017: Should not be able to user-membership-add using KRA_admin_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-018: User associated with Administrators group only can create a new user"
+ local user2="testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-user-membership-add-user-add-kra-user2-018.out" \
+ 0 \
+ "Adding user $user2"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "$gid"
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding $user2 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user2 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user2 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-$user2-00$i.out" \
+ 0 \
+ "Adding user to all groups except administrators group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-kra-$user2-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-kra-$user2-00$i.out"
+ fi
+ let i=$i+1
+ done
+ rlLog "Check users group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-find-groupadd-find-kra-$user2-019.out" \
+ 0 \
+ "Find user-membership to groups of $user2"
+ rlAssertGrep "7 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-$user2-019.out"
+ rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-user-membership-find-groupadd-find-kra-$user2-019.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlAssertNotGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-$user2-019.out"
+ rlLog "$user2 is not added to $gid"
+ else
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-$user2-019.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \
+ \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $KRA_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${KRA_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ #Trying to add a user using $user2 should fail since $user2 is not in Administrators group
+ local expfile="$TmpDir/expfile_$user2.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-kra-$user2-002.out" 255 "Should not be able to add users using a non Administrator user"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-kra-$user2-002.out"
+
+ #Add $user2 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-kra-usertest2-019_2.out" \
+ 0 \
+ "Adding user $user2 to group \"$groupid4\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-kra-usertest2-019_2.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-kra-usertest2-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-add-groupadd-find-kra-usertest1-019_3.out" \
+ 0 \
+ "Check user-membership to group \"$groupid4\""
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-find-kra-usertest1-019_3.out"
+
+ #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n $user2 \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test_user u19 > $TmpDir/pki-user-add-kra-019_4.out" \
+ 0 \
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-kra-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-kra-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-kra-019_4.out"
+ rlPhaseEnd
+
+ #Usability test
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-019: User associated with Certificate Manager Agents group only perform asymmetric key recovery"
+ local user3="testuser3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user3\" $user3 > $TmpDir/pki-user-membership-add-user-add-kra-user3-019.out" \
+ 0 \
+ "Adding user $user3"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user3 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user3 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-$user3-00$i.out" \
+ 0 \
+ "Adding user to all groups except Data Recovery Manager Agents group - now adding to \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-kra-$user3-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-kra-$user3-00$i.out"
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User3\" \"$user3\" \
+ \"$user3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $KRA_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user3 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_020_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${KRA_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-cert-add $user3 --input $TmpDir/validcert_020_1.pem > $TmpDir/useraddcert_020_2.out" \
+ 0 \
+ "Cert is added to the user $user3"
+
+ rlLog "Check $user3 is not in group Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find $user3 > $TmpDir/pki-user-membership-add-groupadd-find-kra-usertest3-020_1.out" \
+ 0 \
+ "Check user-membership to group \"$groupid1\""
+ rlAssertNotGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-kra-usertest3-020_1.out"
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should fail
+ local rand=$RANDOM
+ local client_id=temp$rand
+ local algo=AES
+ local action=NULL
+ local key_size=128
+ local usages=wrap
+ local key_generate_output=$TmpDir/key-generate.out
+ local key_recover_output=$TmpDir/key-recover.out
+ local key_recover_output_2=$TmpDir/key-recover-2.out
+ rlRun "generate_key $client_id $algo $key_size $usages $action $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) ${KRA_INST}_agentV $key_generate_output" \
+ 0 "Generate Symmetric key with client $client_id, algo $algo, key_size $key_size, usages $usages"
+ local key_id=$(cat $key_generate_output | grep "Key ID" | awk -F ": " '{print $2}')
+
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ -t kra \
+ kra-key-recover --keyID $key_id > $key_recover_output"
+ command="pki -d $TEMP_NSS_DB -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n $user3 -c $TEMP_NSS_DB_PASSWORD -t kra kra-key-recover --keyID $key_id "
+
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Asymmetric key recovery using $user3's cert should fail"
+ #Add user $user3 to Certificate Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-kra-usertest3-020_3.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-kra-usertest3-020_3.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-kra-usertest3-020_3.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find $user3 > $TmpDir/pki-user-membership-add-groupadd-find-kra-usertest3-020_4.out" \
+ 0 \
+ "Check user-membership to group \"$groupid1\""
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-kra-usertest3-020_4.out"
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should succeed
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ -t kra \
+ kra-key-recover --keyID $key_id > $key_recover_output"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output_2" 0 "Recover key $key_id as $user3 cert"
+ local recover_request_id=$(cat $key_recover_output_2 | grep "Request ID" | awk -F ": " '{print $2}')
+ rlAssertGrep "Key ID: $key_id" "$key_recover_output_2"
+ rlAssertGrep "Type: securityDataRecovery" "$key_recover_output_2"
+ rlAssertGrep "Status: svc_pending" "$key_recover_output_2"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-KRA-020: Should not be able to add user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -t kra user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-add-kra-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del userall > $TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del user1 > $TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u19 > $TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-kra-user-membership-add-user-del-kra-u19-001.out"
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del testuser$i > $TmpDir/pki-user-membership-add-kra-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-kra-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${KRA_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh
new file mode 100755
index 000000000..9b7eae6b6
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh
@@ -0,0 +1,907 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-membership-del KRA CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-kra.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-del-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Available groups kra-group-find
+ groupid1="Data Recovery Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise KRA Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-002: pki user-membership-del --help configuration test"
+ rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-del --help"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-003: pki user-membership-del configuration test"
+ rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-004: Delete user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-kra-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-kra-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-kra-00$i.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-kra-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-kra-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-kra-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-kra-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-kra-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-kra-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-005: Delete user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-kra-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-kra-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-kra-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-kra-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-kra-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-kra-userall-00$i.out" \
+ 0 \
+ "Check user membership with group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-kra-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-kra-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-kra-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-006: Missing required option <Group id> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-kra-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-kra-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-kra-user1-001.out 2>&1" \
+ 255 \
+ "Cannot delete user from group, Missing required option <Group id>"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-kra-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-007: Missing required option <User ID> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-user-membership-add-user-add-kra-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-user-membership-add-user-add-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add user2 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-kra-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-kra-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-kra-user1-001.out 2>&1" \
+ 255 \
+ "cannot delete user from group, Missing required option <user id>"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-kra-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-008: Should not be able to user-membership-del using a revoked cert KRA_adminR"
+ command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-009: Should not be able to user-membership-del using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert KRA_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-010: Should not be able to user-membership-del using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert KRA_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-011: Should not be able to user-membership-del using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert KRA_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-012: Should not be able to user-membership-del using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using KRA_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-013: Should not be able to user-membership-del using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using KRA_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-014: Should not be able to user-membership-del using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using KRA_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-015: Should not be able to user-membership-del using KRA_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-016: Delete user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-kra-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-kra-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-kra-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-kra-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-kra-017_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-kra-017_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-kra-017_2.out"
+ rlLog "Delete user-membership from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-kra-017_3.out" \
+ 0 \
+ "Delete user-membership from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-kra-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-kra-017_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-017: Delete user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-user-add-kra-018.out 2>&1" \
+ 0 \
+ "Adding user full name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-kra-018.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-kra-018.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u11 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-kra-018_2.out" \
+ 0 \
+ "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-kra-018_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-kra-018_2.out"
+ rlLog "Delete user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-kra-018_3.out" \
+ 0 \
+ "Delete user-membership from the group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-kra-018_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u11 > $TmpDir/pki-user-membership-del-groupadd-del-kra-018_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-kra-018_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-018: Delete user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-kra-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-kra-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-kra-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-kra-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-del user123 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-user-membership-del-user-del-kra-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-membership-del-user-del-kra-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-membership-del-user-del-kra-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-user-membership-del-user-del-kra-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u12 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-kra-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-kra-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u12 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-kra-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-kra-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-member-find Administrators > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u12 > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-member-find $groupid4 > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_7.out" \
+ 0 \
+ "List members of $groupid4 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-kra-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-kra-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-kra-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-add --fullName=test_user u9" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-kra-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-kra-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-kra-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-kra-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-kra-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-kra-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-del-KRA-021: User deleted from the Data Recovery Manager Agents group can not perform asymmetric key recovery"
+ local user3="testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-kra-22.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-kra-22.out"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local rand=$RANDOM
+ local client_id=temp$rand
+ local algo=AES
+ local action=NULL
+ local key_size=128
+ local usages=wrap
+ local key_generate_output=$TmpDir/key-generate.out
+ local key_recover_output=$TmpDir/key-recover.out
+ local key_recover_output_2=$TmpDir/key-recover-2.out
+ rlRun "generate_key $client_id $algo $key_size $usages $action $SUBSYSTEM_HOST $(eval echo \$${subsystemId}_UNSECURE_PORT) ${KRA_INST}_agentV $key_generate_output" \
+ 0 "Generate Symmetric key with client $client_id, algo $algo, key_size $key_size, usages $usages"
+ local key_id=$(cat $key_generate_output | grep "Key ID" | awk -F ": " '{print $2}')
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should succeed
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ -t kra \
+ kra-key-recover --keyID $key_id > $key_recover_output"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ -n \"$user3\" \
+ kra-key-recover --keyID $key_id > $key_recover_output" 0 "Recover key $key_id as $user3 cert"
+ local recover_request_id=$(cat $key_recover_output | grep "Request ID" | awk -F ": " '{print $2}')
+ rlAssertGrep "Key ID: $key_id" "$key_recover_output"
+ rlAssertGrep "Type: securityDataRecovery" "$key_recover_output"
+ rlAssertGrep "Status: svc_pending" "$key_recover_output"
+
+ #Delete $user3 from Data Recovery Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-del $user3 \"$groupid1\" > $TmpDir/pki-user-membership-del-groupdel-del-kra-022_3.out" \
+ 0 \
+ "User deleted from group \"$groupid1\""
+ rlAssertGrep "Deleted membership in group \"$groupid1\"" "$TmpDir/pki-user-membership-del-groupdel-del-kra-022_3.out"
+
+ #Trying to perform Asymmetric key recovery using $user3's cert should fail
+ rlLog "Executing pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -n \"$user3\" \
+ -t kra \
+ kra-key-recover --keyID $key_id"
+ command="pki -d $TEMP_NSS_DB -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n $user3 -c $TEMP_NSS_DB_PASSWORD -t kra kra-key-recover --keyID $key_id "
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Asymmetric key recovery using $user3's cert should fail"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-del-kra-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 12 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del userall > $TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del user1 > $TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del user2 > $TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-kra-user-membership-del-user-del-kra-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del user123 > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del testuser1 > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-testuser1.out"
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh
new file mode 100755
index 000000000..d46ae8cba
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh
@@ -0,0 +1,765 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-find Find KRA user memberships.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-find-kra.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-find-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Local variables
+ #Available groups kra-group-find
+ groupid1="Data Recovery Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise KRA Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-002: pki user-membership-find --help configuration test"
+ rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-find --help"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-003: pki user-membership-find configuration test"
+ rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-004: Find user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-find-user-find-kra-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-find-user-find-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-find-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-find-kra-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u$i > $TmpDir/pki-user-membership-find-user-show-kra-00$i.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-find-user-show-kra-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-show-kra-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-show-kra-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-kra-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-kra-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-kra-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-kra-00$i.out" \
+ 0 \
+ "Find user-membership with group \"$gid\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-00$i.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-kra-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-005: Find user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-kra-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-kra-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show userall > $TmpDir/pki-user-membership-find-user-show-kra-userall-001.out" \
+ 0 \
+ "Show pki KRA_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-find-user-show-kra-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-show-kra-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-show-kra-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-kra-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-kra-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-kra-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-kra-userall-00$i.out" \
+ 0 \
+ "Find user-membership to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-userall-00$i.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-kra-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-006: Find user-membership of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-kra-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-001.out"
+ rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-001.out"
+ rlAssertGrep "Group: $groupid7" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-001.out"
+ rlAssertGrep "Group: $groupid8" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-001.out"
+ rlAssertGrep "Number of entries returned 3" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-007: Find all user-memberships of a user (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-kra-start-002.out" \
+ 0 \
+ "Checking user-mambership to group "
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-002.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-008: Find user-memberships when page start is negative (start=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-kra-start-003.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-003.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-003.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-009: Find user-memberships when page start greater than available number of groups (start=9)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=9 > $TmpDir/pki-user-membership-find-groupadd-find-kra-start-004.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-kra-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-010: Should not be able to find user-membership when page start is non integer"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t kra user-membership-find userall --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-011: Find user-memberships when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-kra-size-006.out" 0 \
+ "user_membership-find with size parameter as 0"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-012: Find user-memberships when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-kra-size-007.out" 0 \
+ "user_membership-find with size parameter as 1"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-007.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-013: Find user-memberships when page size is 2 (size=2)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-kra-size-008.out" 0 \
+ "user_membership-find with size parameter as 2"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-008.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-008.out"
+ rlAssertGrep "Group: $groupid2" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-008.out"
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-014: Find user-memberships when page size is 9 (size=9)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=9 > $TmpDir/pki-user-membership-find-groupadd-find-kra-size-009.out" 0 \
+ "user_membership-find with size parameter as 9"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-009.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-015: Find user-memberships when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-kra-size-0010.out" 0 \
+ "user_membership-find with size parameter as 100"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-0010.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-016: Find user-memberships when page size is negative (size=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-kra-size-0011.out" 0 \
+ "user_membership-find with size parameter as -1"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-0011.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-kra-size-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-017: Should not be able to find user-membership when page size is non integer"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-018: Find user-membership with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=6 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=6 --size=5 > $TmpDir/pki-user-membership-find-kra-019.out" \
+ 0 \
+ "Find user-membership with page start and page size option"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-kra-019.out"
+ i=7
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-kra-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-kra-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-019: Find user-membership with --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-kra-020.out 2>&1" \
+ 255 \
+ "Find user-membership with --size more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-kra-020.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-020: Find user-membership with --start more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-kra-021.out 2>&1" \
+ 255 \
+ "Find user-membership with --start more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-kra-021.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-021: Should not be able to user-membership-find using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert KRA_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-022: Should not be able to user-membership-find using an agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert KRA_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-023: Should not be able to user-membership-find using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent KRA_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-024: Should not be able to user-membership-find using admin user with expired cert KRA_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin KRA_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-025: Should not be able to user-membership-find using KRA_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent KRA_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-026: Should not be able to user-membership-find using KRA_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor KRA_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-027: Should not be able to user-membership-find using KRA_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator KRA_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-028: Should not be able to user-membership-find using KRA_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD -t kra user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-029:Find user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='Éric Têko' u9" \
+ 0 \
+ "Adding uid ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-kra-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-kra-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-kra-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-kra-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-kra-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-kra-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-kra-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u9 > $TmpDir/pki-user-membership-find-groupadd-find-kra-031_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-kra-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-030: Find user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-user-add-kra-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-kra-032.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-kra-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-kra-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-kra-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-kra-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-kra-032_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-kra-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-kra-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-KRA-031: Find user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-kra-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-kra-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-kra-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-kra-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t kra user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-user-membership-find-user-find-kra-033_2.out" 0 "Find user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-kra-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-find-kra-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using KRA_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del userall > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del user123 > $TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-kra-user-membership-find-user-del-kra-user123.out"
+
+ #===Deleting i18n group created using KRA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-kra-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-kra-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
index d608d2516..48129afda 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
@@ -48,48 +48,62 @@
########################################################################
run_pki-user-cli-user-mod-kra_tests(){
-
-subsystemId=$1
-SUBSYSTEM_TYPE=$2
-MYROLE=$3
-caId=$4
-
-KRA_HOST=$(eval echo \$${MYROLE})
-KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
-CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
- #####Create temporary dir to save the output files #####
- rlPhaseStartSetup "pki_user_cli_user_mod_kra-startup: Create temporary directory"
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
- rlPhaseEnd
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
-user1=kra_user
-user1fullname="Test kra user"
-user2=abcdefghijklmnopqrstuvwxyx12345678
-user3=abc#
-user4=abc$
-user5=abc@
-user6=abc?
-user7=0
-user1_mod_fullname="Test kra user modified"
-user1_mod_email="testkrauser@myemail.com"
-user1_mod_passwd="Secret1234"
-user1_mod_state="NC"
-user1_mod_phone="1234567890"
-randsym=""
-i18nuser=i18nuser
-i18nuserfullname="Örjan Äke"
-i18nuser_mod_fullname="kakskümmend"
-i18nuser_mod_email="kakskümmend@example.com"
-eval ${subsystemId}_adminV_user=${subsystemId}_adminV
-eval ${subsystemId}_adminR_user=${subsystemId}_adminR
-eval ${subsystemId}_adminE_user=${subsystemId}_adminE
-eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
-eval ${subsystemId}_agentV_user=${subsystemId}_agentV
-eval ${subsystemId}_agentR_user=${subsystemId}_agentR
-eval ${subsystemId}_agentE_user=${subsystemId}_agentE
-eval ${subsystemId}_auditV_user=${subsystemId}_auditV
-eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ KRA_HOST=$(eval echo \$${MYROLE})
+ KRA_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ user1=kra_user
+ user1fullname="Test kra user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ user1_mod_fullname="Test kra user modified"
+ user1_mod_email="testkrauser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
#### Modify a user's full name ####
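Review bot: `kra_instance_created` is resolved with `eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS`, and `KRA_INST` is whatever `grep MY_KRA | cut -d= -f2` returns from `$TmpDir/topo_file`, so the file's content is re-parsed by the shell and an empty match silently falls through to the "not installed" branch. The identical assignment is repeated in all three branches of the `if`; it can be done once before it with indirect expansion, `status_var="${KRA_INST}_INSTANCE_CREATED_STATUS"; kra_instance_created=${!status_var}` (assuming the script runs under bash, as the use of `local` suggests). `local KRA_INST=$(...)` also masks the pipeline's exit status, so declare and assign on separate lines and call `rlFail` when `KRA_INST` comes back empty. The same block is added to pki-user-cli-user-show-kra.sh, and the function body continues past this hunk.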
@@ -587,7 +601,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-015:--state as number 0 "
#### Modify a user's phone with maximum length and symbols ####
rlPhaseStartTest "pki_user_cli_user_mod_kra-017:--phone with maximum length and symbols "
- randsym_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ randsym_b64=$(openssl rand -base64 8193 | perl -p -e 's/\n//')
randsym=$(echo $randsym_b64 | tr -d /)
rlRun "pki -d $CERTDB_DIR \
-n $(eval echo \$${subsystemId}_adminV_user) \
@@ -596,7 +610,8 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-017:--phone with maximum length and
-p $KRA_PORT \
-t kra \
user-add --fullName=test usr1"
- command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone='$randsym' usr1"
+ special_symbols="#$@*"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $KRA_HOST -p $KRA_PORT -t kra user-mod --phone='$randsym$special_symbols' usr1"
errmsg="PKIException: LDAP error (21): error result"
errorcode=255
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
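Review bot: In `special_symbols="#$@*"` the `$@` sits inside double quotes, so it expands to the function's positional parameters (the four arguments read into `subsystemId`, `SUBSYSTEM_TYPE`, `MYROLE` and `caId`) and the literal `$` and `@` never reach `--phone`. The expected LDAP error still comes from the length of `$randsym`, so the test passes without exercising the symbols it names. Single quotes keep the string literal: `special_symbols='#$@*'`. The enclosing test phase starts and ends outside this hunk.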
@@ -1075,7 +1090,7 @@ rlPhaseStartTest "pki_user_cli_user_mod_kra-043: Modify a user's email having i1
rlPhaseEnd
#===Deleting users===#
-rlPhaseStartTest "pki_user_cli_user_kra_cleanup: Deleting role users"
+rlPhaseStartCleanup "pki_user_cli_user_kra_cleanup: Deleting role users"
i=1
while [ $i -lt 17 ] ; do
@@ -1138,4 +1153,7 @@ $i18nuser
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "KRA instance not installed"
+ fi
}
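Review bot: The new `else` branch only logs, but the setup phase at the top of the function has already run `mktemp -d` and `pushd $TmpDir`, and the `rm -r $TmpDir` cleanup shown here is inside the `if` branch. A run that skips the tests therefore leaves the temporary directory behind and the directory stack pushed. The branch should do the same teardown, `rlRun "popd"` followed by `rlRun "rm -r $TmpDir" 0 "Removing tmp directory"`. The skip is reported through `rlLog` alone, so a wrong instance status reads like a clean pass; `rlLogWarning` would make it stand out in the journal. The `else` branch that closes the preceding file's function has the same shape.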
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh
index c34a1a35f..19c10134a 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh
@@ -3,10 +3,10 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-show CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-show Show KRA users
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Author: Asha Akkiangady <aakkiang@redhat.com>
@@ -39,378 +39,864 @@
. /opt/rhqa_pki/env.sh
######################################################################################
-#pki-user-cli-user-kra.sh should be first executed prior to pki-user-cli-user-add-kra.sh
-#pki-user-cli-user-add-kra.sh should be first executed prior to pki-user-cli-user-add-kra.sh
+#create_role_users.sh should be first executed prior to pki-user-cli-user-show-kra.sh
######################################################################################
########################################################################
-# Test Suite Globals
-########################################################################
+run_pki-user-cli-user-show-kra_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ # Creating Temporary Directory for pki user-kra
+ rlPhaseStartSetup "pki user-kra Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-########################################################################
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
-run_pki-user-cli-user-show-kra_tests(){
- rlPhaseStartSetup "pki_user_cli_user_show-kra-startup:Getting the temp directory and nss certificate db "
- rlLog "nss_db directory = $TmpDir/nssdb"
- rlLog "temp directory = $CERTDB_DIR"
+ if [ "$kra_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=kra_agent2
+ user1fullname="Test kra_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test"
+ rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki user-show"
+ rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out"
rlPhaseEnd
+
##### Tests to show KRA users ####
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001: Add a user to KRA using KRA_adminV"
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-001: Add user to KRA using KRA_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user1"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user1 > $TmpDir/pki-user-show-kra-001.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user $user1"
rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-kra-001.out"
rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-kra-001.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-kra-001.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_1:maximum length of user id "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user2 > $TmpDir/pki-user-show-kra-001_1.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show $user2 user"
rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-kra-001_1.out"
- rlAssertGrep "User ID: $user2" "$TmpDir/pki-user-show-kra-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-user-show-kra-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_1.out"
+
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_2:User id with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user3 > $TmpDir/pki-user-show-kra-001_2.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show $user3 user"
rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-kra-001_2.out"
rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-kra-001_2.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_3:User id with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user4 > $TmpDir/pki-user-show-kra-001_3.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show $user4 user"
rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-kra-001_3.out"
rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-kra-001_3.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_3.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_4:User id with @ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user5 > $TmpDir/pki-user-show-kra-001_4.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show $user5 user"
rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-kra-001_4.out"
rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-kra-001_4.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_4.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_5:User id with ? character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user6 > $TmpDir/pki-user-show-kra-001_5.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show $user6 user"
rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-kra-001_5.out"
rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-kra-001_5.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_5.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_6:User id as 0"
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show $user7 > $TmpDir/pki-user-show-kra-001_6.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user $user7"
rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-kra-001_6.out"
rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-kra-001_6.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_6.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_7:--email with maximum length "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u1 > $TmpDir/pki-user-show-kra-001_7.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u1"
rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-kra-001_7.out"
rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-kra-001_7.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_7.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-kra-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-kra-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_8:--email with maximum length and symbols "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u2 > $TmpDir/pki-user-show-kra-001_8.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u2"
rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-kra-001_8.out"
rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-kra-001_8.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_8.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-kra-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-kra-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_9:--email with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u3 > $TmpDir/pki-user-show-kra-001_9.out" \
- 0 \
- "Show pki KRA_adminV user"
+ 0 \
+ "Add user u3"
rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-kra-001_9.out"
rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-kra-001_9.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_9.out"
rlAssertGrep "Email: #" "$TmpDir/pki-user-show-kra-001_9.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_10:--email with * character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u4 > $TmpDir/pki-user-show-kra-001_10.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u4 using ${prefix}_adminV"
rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-kra-001_10.out"
rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-kra-001_10.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_10.out"
rlAssertGrep "Email: *" "$TmpDir/pki-user-show-kra-001_10.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_11:--email with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u5 > $TmpDir/pki-user-show-kra-001_11.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u5 using ${prefix}_adminV"
rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-kra-001_11.out"
rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-kra-001_11.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_11.out"
rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-kra-001_11.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_12:--email as number 0 "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u6 > $TmpDir/pki-user-show-kra-001_12.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u6 using ${prefix}_adminV"
rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-kra-001_12.out"
rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-kra-001_12.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_12.out"
rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-kra-001_12.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_13:--state with maximum length "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u7 > $TmpDir/pki-user-show-kra-001_13.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u7 using ${prefix}_adminV"
rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-kra-001_13.out"
rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-kra-001_13.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_13.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-kra-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-kra-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-kra-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-kra-001_13.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_14:--state with maximum length and symbols "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u8 > $TmpDir/pki-user-show-kra-001_14.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u8 using ${prefix}_adminV"
rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-kra-001_14.out"
rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-kra-001_14.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_14.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-kra-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-kra-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-kra-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-kra-001_14.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_15:--state with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u9 > $TmpDir/pki-user-show-kra-001_15.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u9 using ${prefix}_adminV"
rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-kra-001_15.out"
rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-kra-001_15.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_15.out"
rlAssertGrep "State: #" "$TmpDir/pki-user-show-kra-001_15.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_16:--state with * character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u10 > $TmpDir/pki-user-show-kra-001_16.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u10 using ${prefix}_adminV"
rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-kra-001_16.out"
rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-kra-001_16.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_16.out"
rlAssertGrep "State: *" "$TmpDir/pki-user-show-kra-001_16.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_17:--state with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u11 > $TmpDir/pki-user-show-kra-001_17.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u11 using ${prefix}_adminV"
rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-kra-001_17.out"
rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-kra-001_17.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_17.out"
rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-kra-001_17.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_18:--state as number 0 "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u12 > $TmpDir/pki-user-show-kra-001_18.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show pki ${prefix}_adminV user"
rlAssertGrep "User \"u12\"" "$TmpDir/pki-user-show-kra-001_18.out"
rlAssertGrep "User ID: u12" "$TmpDir/pki-user-show-kra-001_18.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_18.out"
rlAssertGrep "State: 0" "$TmpDir/pki-user-show-kra-001_18.out"
rlPhaseEnd
+
#https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_19:--phone with maximum length "
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u13 > $TmpDir/pki-user-show-kra-001_19.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u13 using ${prefix}_adminV"
rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-kra-001_19.out"
rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-kra-001_19.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_19.out"
- rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-kra-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-kra-001_19.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_24:--phone as negative number -1230 "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-show u14 > $TmpDir/pki-user-show-kra-001_24.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u14 using ${prefix}_adminV"
rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-kra-001_24.out"
rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-kra-001_24.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_24.out"
rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-kra-001_24.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_25:--type as Auditors"
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u15 > $TmpDir/pki-user-show-kra-001_25.out" \
0 \
- "Show pki KRA_adminV user"
+ "Show user u15 using ${prefix}_adminV"
rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-kra-001_25.out"
rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-kra-001_25.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_25.out"
rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-kra-001_25.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_26:--type Certificate Manager Agents "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u16 > $TmpDir/pki-user-show-kra-001_26.out" \
0 \
- "Show pki KRA user"
+ "Show user u16 using ${prefix}_adminV"
rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-kra-001_26.out"
rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-kra-001_26.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_26.out"
rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-kra-001_26.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_27:--type Registration Manager Agents "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u17 > $TmpDir/pki-user-show-kra-001_27.out" \
0 \
- "Show pki KRA user"
+ "Show user u17 using ${prefix}_adminV"
rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-kra-001_27.out"
rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-kra-001_27.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_27.out"
rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-kra-001_27.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_28:--type Subsytem Group "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-show u18 > $TmpDir/pki-user-show-kra-001_28.out" \
0 \
- "Show pki KRA user"
+ "Show user u18 using ${prefix}_adminV"
rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-kra-001_28.out"
rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-kra-001_28.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_28.out"
- rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-show-kra-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-kra-001_28.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_29:--type Security Domain Administrators "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u19 > $TmpDir/pki-user-show-kra-001_29.out" \
0 \
- "Show pki KRA user"
+ "Show user u19 using ${prefix}_adminV"
rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-kra-001_29.out"
rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-kra-001_29.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_29.out"
rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-kra-001_29.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_30:--type ClonedSubsystems "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u20 > $TmpDir/pki-user-show-kra-001_30.out" \
0 \
- "Show pki KRA user"
+ "Show user u20 using ${prefix}_adminV"
rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-kra-001_30.out"
rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-kra-001_30.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_30.out"
rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-kra-001_30.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_31:--type Trusted Managers "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u21 > $TmpDir/pki-user-show-kra-001_31.out" \
0 \
- "Show pki KRA user"
+ "Show user u21 using ${prefix}_adminV"
rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-kra-001_31.out"
rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-kra-001_31.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-kra-001_31.out"
rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-kra-001_31.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_32: Add a user to KRA with -t option"
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-029: Show user with -t kra option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- -t kra \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u22 > $TmpDir/pki-user-show-kra-001_32.out" \
0 \
- "Show pki KRA user"
+ "Show user u22 using ${prefix}_adminV"
rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-kra-001_32.out"
rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-kra-001_32.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-kra-001_32.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_33: Add a user -- all options provided"
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-030: Add a user -- all options provided"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23" \
+ 0 \
+ "Adding user u23 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- -t kra \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
user-show u23 > $TmpDir/pki-user-show-kra-001_33.out" \
0 \
- "Show pki KRA user"
-
+ "Show user u23 using ${prefix}_adminV"
rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-kra-001_33.out"
rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-kra-001_33.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-kra-001_33.out"
@@ -419,25 +905,292 @@ run_pki-user-cli-user-show-kra_tests(){
rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-kra-001_33.out"
rlAssertGrep "State: $state" "$TmpDir/pki-user-show-kra-001_33.out"
rlPhaseEnd
+
#Negative Cases
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_34: Missing required option user id "
- rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-031: Missing required option user id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show"
+ rlLog "Executing $command"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-032: Checking if user id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show U23 > $TmpDir/pki-user-show-kra-001_35.out 2>&1" \
+ 0 \
+ "User ID is not case sensitive"
+ rlAssertGrep "User \"U23\"" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-show-kra-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-033: Should not be able to show user using a revoked cert KRA_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-034: Should not be able to show user using a agent with revoked cert KRA_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-035: Should not be able to show user using a valid agent KRA_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-036: Should not be able to show user using a KRA_agentR user"
+ rlLog "To test error message consistency for the request pki_user_cli_user_show-KRA-034"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-037: Should not be able to show user using admin user with expired cert KRA_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-038: Should not be able to show user using KRA_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-039: Should not be able to show user using a KRA_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-040: Should not be able to show user using a KRA_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u23 > $TmpDir/pki-user-show-kra-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-kra-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-kra-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u13"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-kra-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-kra-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-043: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- user-show > $TmpDir/pki-user-show-kra-001_34.out 2>&1" \
- 1 \
- "Cannot show user without user id"
- rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki-user-show-kra-001_34.out"
+ user-show \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-kra-001_50.out 2>&1" \
+ 255 \
+ "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-kra-001_50.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-KRA-001_35: Checking if user id case sensitive "
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-044: user name with i18n characters"
+ rlLog "user-add user name ÖrjanÄke with i18n characters"
rlRun "pki -d $CERTDB_DIR \
- -n KRA_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t kra \
- user-show U23 > $TmpDir/pki-user-show-kra-001_35.out 2>&1" \
- 1 \
- "Cannot show user since the user id is case sensitive"
- rlAssertGrep "UserNotFoundException: User U23 not found" "$TmpDir/pki-user-show-kra-001_35.out"
+ user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-user-show-kra-001_56.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u24 > $TmpDir/pki-user-show-kra-001_56_2.out" \
+ 0 \
+ "Show user name with 'ÖrjanÄke'"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-kra-001_56_2.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-kra-001_56_2.out"
+ rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-user-show-kra-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-KRA-045: user name with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-user-show-kra-001_57.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-show u25 > $TmpDir/pki-user-show-kra-001_57_2.out" \
+ 0 \
+ "Show user name with 'ÉricTêko'"
+ rlAssertGrep "User \"u25\"" "$TmpDir/pki-user-show-kra-001_57_2.out"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-kra-001_57_2.out"
+ rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-kra-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user)
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 26 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t kra \
+ user-del u$i > $TmpDir/pki-user-del-kra-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-kra-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t kra \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-del $usr > $TmpDir/pki-user-del-kra-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-kra-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "KRA instance is not installed"
+ fi
}
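Review bot: In phase KRA-036 the command string has no space before `-t kra` (`..._UNSECURE_PORT)-t kra user-show u23`), so the port value is fused with `-t` and the revoked-agent check most likely fails for an argument error rather than for authorization; the tail should read `-p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t kra user-show u23`. That phase also expects `ForbiddenException: Authorization Error`, while KRA-034 expects `PKIException: Unauthorized` for the same `${prefix}_agentR` request, so the two cannot both pass against one server once the command is fixed. In KRA-042 the `spawn` line written to `$expfile` omits `-t kra` although the logged command includes it, so that user-cert negative test may not be reaching the KRA subsystem at all. The negative phases pass `$command`, which contains `-c $CERTDB_DIR_PASSWORD`, to `rlLog "Executing $command"`, which puts the NSS database password in the test log; logging a copy with the `-c` value masked would avoid that. The function `run_pki-user-cli-user-show-kra_tests` begins before this hunk, so the setup of `$prefix` and `$subsystemId` is not visible here.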
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
index 11dc030fd..e804274b1 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
@@ -6,14 +6,14 @@
# Description: PKI user-add CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-add Add users to pki OCSP subsystem.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Author: Asha Akkiangady <aakkiang@redhat.com>
+# Author: Asha Akkiangady <aakkiang@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
@@ -32,845 +32,703 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include rhts environment
-. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
. /opt/rhqa_pki/rhcs-shared.sh
. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/env.sh
-######################################################################################
-#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh
-#pki-user-cli-user-ocsp.sh
-######################################################################################
-
########################################################################
-# Test Suite Globals
+#create_role_users.sh should be first executed prior to pki-user-cli-user-add-ocsp.sh
########################################################################
+run_pki-user-cli-user-add-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
-user1="ocsp_agent2"
-user1fullname="Test ocsp_agent"
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
-########################################################################
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
-run_pki-user-cli-user-add-ocsp_tests(){
- rlPhaseStartSetup "pki_user_cli_user_add-ocsp-startup:Getting nss certificate db "
- rlLog "Certificate directory = $CERTDB_DIR"
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test"
+ rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \
+ 0 \
+ "pki user --help"
+ rlAssertGrep "user-find Find users" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-show Show user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-add Add user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-mod Modify user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-del Remove user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out"
rlPhaseEnd
- #====Ticket corresponding to pki_user_cli_user_add-configtest : https://fedorahosted.org/pki/ticket/519=====#
+
rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test"
- rlRun "pki user-add > $TmpDir/pki_user_add_cfg.out" \
- 1 \
- "https://fedorahosted.org/pki/ticket/519"
- rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
+ rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-add --help"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out"
rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out"
rlPhaseEnd
+
##### Tests to add OCSP users using a user of admin group with a valid cert####
rlPhaseStartTest "pki_user_cli_user_add-OCSP-001: Add a user to OCSP using OCSP_adminV"
+ user1=ocsp_agent2
+ user1fullname="Test ocsp_agent"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1" \
- 0 \
- "Add user $user1 to OCSP_adminV"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-show $user1"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-show $user1 > $TmpDir/pki-user-add-ocsp-001.out" \
- 0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-ocsp-001.out"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -t ocsp -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-001.out" 0 "Add user $user1 to OCSP_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-ocsp-001.out"
rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-001.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-001.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_1:maximum length of user id "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abcdefghijklmnopqrstuvwxyx12345678 " \
- 0 \
- "Added user using OCSP_adminV with maximum user id length"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog "user2=$user2"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abcdefghijklmnopqrstuvwxyx12345678 > $TmpDir/pki-user-add-ocsp-001_1.out" \
- 0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"abcdefghijklmnopqrstuvwxyx12345678\"" "$TmpDir/pki-user-add-ocsp-001_1.out"
- rlAssertGrep "User ID: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_1.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-ocsp-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-user-add-ocsp-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_1.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abcdefghijklmnopqrstuvwxyx12345678 " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_2:User id with # character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc# " \
- 0 \
- "Added user using OCSP_adminV, user id with # character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-003:User id with # character"
+ user3=abc#
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc# > $TmpDir/pki-user-add-ocsp-001_2.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user3 > $TmpDir/pki-user-add-ocsp-001_2.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"abc#\"" "$TmpDir/pki-user-add-ocsp-001_2.out"
- rlAssertGrep "User ID: abc#" "$TmpDir/pki-user-add-ocsp-001_2.out"
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-user-add-ocsp-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-add-ocsp-001_2.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_2.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc# " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_3:User id with $ character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc$ " \
- 0 \
- "Added user using OCSP_adminV, user id with $ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-004:User id with $ character"
+ user4=abc$
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc$ > $TmpDir/pki-user-add-ocsp-001_3.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user4 > $TmpDir/pki-user-add-ocsp-001_3.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"abc$\"" "$TmpDir/pki-user-add-ocsp-001_3.out"
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-user-add-ocsp-001_3.out"
rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-add-ocsp-001_3.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_3.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc$ " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_4:User id with @ character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc@ " \
- 0 \
- "Added user using OCSP_adminV, user id with @ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-005:User id with @ character"
+ user5=abc@
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc@ > $TmpDir/pki-user-add-ocsp-001_4.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user5 > $TmpDir/pki-user-add-ocsp-001_4.out " \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"abc@\"" "$TmpDir/pki-user-add-ocsp-001_4.out"
- rlAssertGrep "User ID: abc@" "$TmpDir/pki-user-add-ocsp-001_4.out"
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-ocsp-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-ocsp-001_4.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_4.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc@ " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_5:User id with ? character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test abc? " \
- 0 \
- "Added user using OCSP_adminV, user id with ? character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-006:User id with ? character"
+ user6=abc?
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show abc? > $TmpDir/pki-user-add-ocsp-001_5.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user6 > $TmpDir/pki-user-add-ocsp-001_5.out " \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"abc?\"" "$TmpDir/pki-user-add-ocsp-001_5.out"
- rlAssertGrep "User ID: abc?" "$TmpDir/pki-user-add-ocsp-001_5.out"
+ "Added user using ${prefix}_adminV, user id with ? character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-ocsp-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-ocsp-001_5.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_5.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del abc? " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_6:User id as 0"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test 0 " \
- 0 \
- "Added user using OCSP_adminV, user id 0"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-007:User id as 0"
+ user7=0
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show 0 > $TmpDir/pki-user-add-ocsp-001_6.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user7 > $TmpDir/pki-user-add-ocsp-001_6.out " \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"0\"" "$TmpDir/pki-user-add-ocsp-001_6.out"
- rlAssertGrep "User ID: 0" "$TmpDir/pki-user-add-ocsp-001_6.out"
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-ocsp-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-ocsp-001_6.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_6.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del 0 " \
- 0 \
- "Delete user from OCSP"
-
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_7:--email with maximum length "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678 a " \
- 0 \
- "Added user using OCSP_adminV with maximum --email length"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show a > $TmpDir/pki-user-add-ocsp-001_7.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-user-add-ocsp-001_7.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"a\"" "$TmpDir/pki-user-add-ocsp-001_7.out"
- rlAssertGrep "User ID: a" "$TmpDir/pki-user-add-ocsp-001_7.out"
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-user-add-ocsp-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-user-add-ocsp-001_7.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_7.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_7.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del a" \
- 0 \
- "Delete user from OCSP"
+ actual_email_string=`cat $TmpDir/pki-user-add-ocsp-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_8:--email with maximum length and symbols "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678#?*@$ b " \
- 0 \
- "Added user using OCSP_adminV with maximum --email length and character symbols in it"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show b > $TmpDir/pki-user-add-ocsp-001_8.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email='$email' u2 > $TmpDir/pki-user-add-ocsp-001_8.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"b\"" "$TmpDir/pki-user-add-ocsp-001_8.out"
- rlAssertGrep "User ID: b" "$TmpDir/pki-user-add-ocsp-001_8.out"
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-user-add-ocsp-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-user-add-ocsp-001_8.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_8.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-add-ocsp-001_8.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del b" \
- 0 \
- "Delete user from OCSP"
+ actual_email_string=`cat $TmpDir/pki-user-add-ocsp-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_9:--email with # character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=# d " \
- 0 \
- "Added user using OCSP_adminV with --email # character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-010:--email with # character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show d > $TmpDir/pki-user-add-ocsp-001_9.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=# u3 > $TmpDir/pki-user-add-ocsp-001_9.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"d\"" "$TmpDir/pki-user-add-ocsp-001_9.out"
- rlAssertGrep "User ID: d" "$TmpDir/pki-user-add-ocsp-001_9.out"
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-user-add-ocsp-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-user-add-ocsp-001_9.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_9.out"
rlAssertGrep "Email: #" "$TmpDir/pki-user-add-ocsp-001_9.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del d " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_10:--email with * character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=* e " \
- 0 \
- "Added user using OCSP_adminV with --email * character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-011:--email with * character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show e > $TmpDir/pki-user-add-ocsp-001_10.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=* u4 > $TmpDir/pki-user-add-ocsp-001_10.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"e\"" "$TmpDir/pki-user-add-ocsp-001_10.out"
- rlAssertGrep "User ID: e" "$TmpDir/pki-user-add-ocsp-001_10.out"
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-user-add-ocsp-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-user-add-ocsp-001_10.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_10.out"
rlAssertGrep "Email: *" "$TmpDir/pki-user-add-ocsp-001_10.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del e " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_11:--email with $ character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=$ f " \
- 0 \
- "Added user using OCSP_adminV with --email $ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-012:--email with $ character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show f > $TmpDir/pki-user-add-ocsp-001_11.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=$ u5 > $TmpDir/pki-user-add-ocsp-001_11.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"f\"" "$TmpDir/pki-user-add-ocsp-001_11.out"
- rlAssertGrep "User ID: f" "$TmpDir/pki-user-add-ocsp-001_11.out"
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-user-add-ocsp-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-user-add-ocsp-001_11.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_11.out"
rlAssertGrep "Email: \\$" "$TmpDir/pki-user-add-ocsp-001_11.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del f " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_12:--email as number 0 "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --email=0 z " \
- 0 \
- "Added user using OCSP_adminV with --email 0"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-013:--email as number 0"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show z > $TmpDir/pki-user-add-ocsp-001_12.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=0 u6 > $TmpDir/pki-user-add-ocsp-001_12.out " \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"z\"" "$TmpDir/pki-user-add-ocsp-001_12.out"
- rlAssertGrep "User ID: z" "$TmpDir/pki-user-add-ocsp-001_12.out"
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-user-add-ocsp-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-user-add-ocsp-001_12.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_12.out"
rlAssertGrep "Email: 0" "$TmpDir/pki-user-add-ocsp-001_12.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del z" \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_13:--state with maximum length "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678 h " \
- 0 \
- "Added user using OCSP_adminV with maximum --state length"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show h > $TmpDir/pki-user-add-ocsp-001_13.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-user-add-ocsp-001_13.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"h\"" "$TmpDir/pki-user-add-ocsp-001_13.out"
- rlAssertGrep "User ID: h" "$TmpDir/pki-user-add-ocsp-001_13.out"
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-user-add-ocsp-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-user-add-ocsp-001_13.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_13.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_13.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del h " \
- 0 \
- "Delete user from OCSP"
+ actual_state_string=`cat $TmpDir/pki-user-add-ocsp-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-ocsp-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-ocsp-001_13.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_14:--state with maximum length and symbols "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678#?*@$ i " \
- 0 \
- "Added user using OCSP_adminV with maximum --state length and character symbols in it"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show i > $TmpDir/pki-user-add-ocsp-001_14.out" \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state='$state' u8 > $TmpDir/pki-user-add-ocsp-001_14.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"i\"" "$TmpDir/pki-user-add-ocsp-001_14.out"
- rlAssertGrep "User ID: i" "$TmpDir/pki-user-add-ocsp-001_14.out"
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-user-add-ocsp-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-user-add-ocsp-001_14.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_14.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-add-ocsp-001_14.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del i " \
- 0 \
- "Delete user from OCSP"
+ actual_state_string=`cat $TmpDir/pki-user-add-ocsp-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-ocsp-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-ocsp-001_14.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_15:--state with # character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=# j " \
- 0 \
- "Added user using OCSP_adminV with --state # character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-016:--state with # character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show j > $TmpDir/pki-user-add-ocsp-001_15.out" \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state=# u9 > $TmpDir/pki-user-add-ocsp-001_15.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"j\"" "$TmpDir/pki-user-add-ocsp-001_15.out"
- rlAssertGrep "User ID: j" "$TmpDir/pki-user-add-ocsp-001_15.out"
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-ocsp-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-ocsp-001_15.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_15.out"
rlAssertGrep "State: #" "$TmpDir/pki-user-add-ocsp-001_15.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del j" \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_16:--state with * character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=* k " \
- 0 \
- "Added user using OCSP_adminV with --state * character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-017:--state with * character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show k > $TmpDir/pki-user-add-ocsp-001_16.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=* u10 > $TmpDir/pki-user-add-ocsp-001_16.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"k\"" "$TmpDir/pki-user-add-ocsp-001_16.out"
- rlAssertGrep "User ID: k" "$TmpDir/pki-user-add-ocsp-001_16.out"
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-ocsp-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-ocsp-001_16.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_16.out"
rlAssertGrep "State: *" "$TmpDir/pki-user-add-ocsp-001_16.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del k " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_17:--state with $ character "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=$ l " \
- 0 \
- "Added user using OCSP_adminV with --state $ character"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-018:--state with $ character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show l > $TmpDir/pki-user-add-ocsp-001_17.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=$ u11 > $TmpDir/pki-user-add-ocsp-001_17.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"l\"" "$TmpDir/pki-user-add-ocsp-001_17.out"
- rlAssertGrep "User ID: l" "$TmpDir/pki-user-add-ocsp-001_17.out"
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-ocsp-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-ocsp-001_17.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_17.out"
rlAssertGrep "State: \\$" "$TmpDir/pki-user-add-ocsp-001_17.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del l " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_18:--state as number 0 "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --state=0 m " \
- 0 \
- "Added user using OCSP_adminV with --state 0"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-019:--state as number 0"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show m > $TmpDir/pki-user-add-ocsp-001_18.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=0 u12 > $TmpDir/pki-user-add-ocsp-001_18.out " \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"m\"" "$TmpDir/pki-user-add-ocsp-001_18.out"
- rlAssertGrep "User ID: m" "$TmpDir/pki-user-add-ocsp-001_18.out"
+ "Added user using ${prefix}_adminV with --state 0"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-add-ocsp-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-add-ocsp-001_18.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_18.out"
rlAssertGrep "State: 0" "$TmpDir/pki-user-add-ocsp-001_18.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del m" \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_19:--phone with maximum length "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678 n " \
- 0 \
- "Added user using OCSP_adminV with maximum --phone length"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-show n > $TmpDir/pki-user-add-ocsp-001_19.out" \
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-020:--phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-user-add-ocsp-001_19.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"n\"" "$TmpDir/pki-user-add-ocsp-001_19.out"
- rlAssertGrep "User ID: n" "$TmpDir/pki-user-add-ocsp-001_19.out"
+ "Added user using ${prefix}_adminV with maximum --phone length"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-user-add-ocsp-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-user-add-ocsp-001_19.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_19.out"
- rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_19.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del n " \
- 0 \
- "Delete user from OCSP"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-001_19.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_20:--phone with maximum length and symbols "
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-021:--phone with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ phone=$state$specialcharacters
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678#?*@$ o > $TmpDir/pki-user-add-ocsp-001_20.out 2>&1"\
- 1 \
- "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_20.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-ocsp-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_21:--phone with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-022:--phone with # character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=# p > $TmpDir/pki-user-add-ocsp-001_21.out 2>&1" \
- 1 \
- "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_21.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-ocsp-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_22:--phone with * character "
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-023:--phone with * character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=* q > $TmpDir/pki-user-add-ocsp-001_22.out 2>&1" \
- 1 \
- "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_22.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-ocsp-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_23:--phone with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-024:--phone with $ character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=$ r > $TmpDir/pki-user-add-ocsp-001_23.out 2>&1" \
- 1 \
- "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it"
- rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_23.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-ocsp-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_24:--phone as negative number -1230 "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --phone=-1230 s " \
- 0 \
- "Added user using OCSP_adminV with --phone -1230"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-025:--phone as negative number -1230"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show s > $TmpDir/pki-user-add-ocsp-001_24.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-user-add-ocsp-001_24.out " \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"s\"" "$TmpDir/pki-user-add-ocsp-001_24.out"
- rlAssertGrep "User ID: s" "$TmpDir/pki-user-add-ocsp-001_24.out"
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-user-add-ocsp-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-user-add-ocsp-001_24.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_24.out"
rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-add-ocsp-001_24.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del s " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_25:--type as Auditors"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=Auditors t " \
- 0 \
- "Added user using OCSP_adminV with --type Auditors"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-026:--type as Auditors"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show t > $TmpDir/pki-user-add-ocsp-001_25.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-user-add-ocsp-001_25.out" \
0 \
- "Show pki OCSP_adminV user"
- rlAssertGrep "User \"t\"" "$TmpDir/pki-user-add-ocsp-001_25.out"
- rlAssertGrep "User ID: t" "$TmpDir/pki-user-add-ocsp-001_25.out"
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-ocsp-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-ocsp-001_25.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_25.out"
rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-add-ocsp-001_25.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del t " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_26:--type Data Recovery Manager Agents "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Certificate Manager Agents\" t" \
- 0 \
- "Added user using OCSP_adminV --type Certificate Manager Agents"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-027:--type Certificate Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show t > $TmpDir/pki-user-add-ocsp-001_26.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-user-add-ocsp-001_26.out" \
0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"t\"" "$TmpDir/pki-user-add-ocsp-001_26.out"
- rlAssertGrep "User ID: t" "$TmpDir/pki-user-add-ocsp-001_26.out"
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-user-add-ocsp-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-user-add-ocsp-001_26.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_26.out"
rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-add-ocsp-001_26.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del t " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_27:--type Registration Manager Agents "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Registration Manager Agents\" u " \
- 0 \
- "Added user using OCSP_adminV with --type Registration Manager Agents"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-028:--type Registration Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show u > $TmpDir/pki-user-add-ocsp-001_27.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-user-add-ocsp-001_27.out" \
0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"u\"" "$TmpDir/pki-user-add-ocsp-001_27.out"
- rlAssertGrep "User ID: u" "$TmpDir/pki-user-add-ocsp-001_27.out"
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-user-add-ocsp-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-user-add-ocsp-001_27.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_27.out"
rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-add-ocsp-001_27.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del u" \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_28:--type Subsytem Group "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Subsytem Group\" v " \
- 0 \
- "Added user using OCSP_adminV with --type Subsytem Group"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-029:--type Subsytem Group"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show v > $TmpDir/pki-user-add-ocsp-001_28.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-user-add-ocsp-001_28.out" \
0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"v\"" "$TmpDir/pki-user-add-ocsp-001_28.out"
- rlAssertGrep "User ID: v" "$TmpDir/pki-user-add-ocsp-001_28.out"
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-user-add-ocsp-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-user-add-ocsp-001_28.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_28.out"
rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-add-ocsp-001_28.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del v" \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_29:--type Security Domain Administrators "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Security Domain Administrators\" w " \
- 0 \
- "Added user using OCSP_adminV with --type Security Domain Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-030:--type Security Domain Administrators"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show w > $TmpDir/pki-user-add-ocsp-001_29.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-user-add-ocsp-001_29.out" \
0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"w\"" "$TmpDir/pki-user-add-ocsp-001_29.out"
- rlAssertGrep "User ID: w" "$TmpDir/pki-user-add-ocsp-001_29.out"
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ocsp-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ocsp-001_29.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_29.out"
rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-add-ocsp-001_29.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del w" \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_30:--type ClonedSubsystems "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=ClonedSubsystems x " \
- 0 \
- "Added user using OCSP_adminV with --type ClonedSubsystems"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-031:--type ClonedSubsystems"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show x > $TmpDir/pki-user-add-ocsp-001_30.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-user-add-ocsp-001_30.out" \
0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"x\"" "$TmpDir/pki-user-add-ocsp-001_30.out"
- rlAssertGrep "User ID: x" "$TmpDir/pki-user-add-ocsp-001_30.out"
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-ocsp-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-ocsp-001_30.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_30.out"
rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-add-ocsp-001_30.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del x " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_31:--type Trusted Managers "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=test --type=\"Trusted Managers\" y " \
- 0 \
- "Added user using OCSP_adminV with --type Trusted Managers"
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-032:--type Trusted Managers"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-show y > $TmpDir/pki-user-add-ocsp-001_31.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-user-add-ocsp-001_31.out" \
0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"y\"" "$TmpDir/pki-user-add-ocsp-001_31.out"
- rlAssertGrep "User ID: y" "$TmpDir/pki-user-add-ocsp-001_31.out"
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-user-add-ocsp-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-user-add-ocsp-001_31.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_31.out"
rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-add-ocsp-001_31.out"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del y " \
- 0 \
- "Delete user from OCSP"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-002: Add a duplicate user to CA"
- command="pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-ocsp-002.out 2>&1 "
-
- rlLog "Command=$command"
- expmsg="ConflictingOperationException: Entry already exists."
- rlRun "$command" 1 "Add duplicate user"
- rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-002.out"
- rlLog "Clean-up:"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-del $user1" \
- 0 \
- "Delete user from OCSP"
- rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-003: Add a user to OCSP with -t option"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-033:--type Dummy Group"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-003.out" \
- 0 \
- "Add user $user1 to CA"
- rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-ocsp-003.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-003.out"
- rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-003.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-show $user1 > $TmpDir/pki-user-add-ocsp-003_1.out" \
- 0 \
- "Show pki OCSP user"
- rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-ocsp-003_1.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-003_1.out"
- rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-003_1.out"
- rlLog "Clean-up:"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-del $user1" \
- 0 \
- "Delete user from OCSP"
+ user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-user-add-ocsp-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-user-add-ocsp-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-user-add-ocsp-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-user-add-ocsp-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-004: Add a user -- missing required option user id"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-034: Add a duplicate user to OCSP"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- user-add --fullName=\"$user1fullname\" "
+ user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-ocsp-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-002.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-036: Add a user -- missing required option user id"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-ocsp-004.out" \
- 1\
+ 255 \
"Add user -- missing required option user id"
- rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki-user-add-ocsp-004.out"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-ocsp-004.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-005: Add a user -- missing required option --fullName"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-037: Add a user -- missing required option --fullName"
command="pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
user-add $user1 > $TmpDir/pki-user-add-ocsp-005.out 2>&1"
- expmsg="Error: Missing required option: fullName"
- rlLog "Executing: $command"
- rlRun "$command" 1 "Add a user -- missing required option --fullName"
- rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-005.out"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-006: Add a user -- all options provided"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-038: Add a user -- all options provided"
email="ocsp_agent2@myemail.com"
user_password="agent2Password"
phone="1234567890"
state="NC"
type="Administrators"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
user-add --fullName=\"$user1fullname\" \
--email $email \
@@ -878,11 +736,13 @@ run_pki-user-cli-user-add-ocsp_tests(){
--phone $phone \
--state $state \
--type $type \
- $user1"
+ u23"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
user-add --fullName=\"$user1fullname\" \
--email $email \
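Review bot: The `-p $(eval echo \$${subsystemId}_UNSECURE_PORT)` argument added here resolves the port by sending a variable name through `eval`, so whatever `subsystemId` holds (presumably a value from the test configuration) is parsed as shell code a second time before rlRun receives the command. Bash indirect expansion performs the same lookup without that second parse: set `port_var="${subsystemId}_UNSECURE_PORT"` once near the top of the function and pass `-p ${!port_var}` in each call. The same construct is added in the next hunk (the OCSP-039 `user-add` and `group-member-add` calls) and in the other pki invocations visible on this page. The rlRun string opened in this hunk continues past its last line.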
@@ -890,79 +750,52 @@ run_pki-user-cli-user-add-ocsp_tests(){
--phone $phone \
--state $state \
--type $type \
- $user1 > $TmpDir/pki-user-add-ocsp-006_1.out" \
+ u23 > $TmpDir/pki-user-add-ocsp-006_1.out" \
0 \
- "Add user $user1 to OCSP -- all options provided"
- rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-ocsp-006_1.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-006_1.out"
+ "Add user u23 to OCSP -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-user-add-ocsp-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-add-ocsp-006_1.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-006_1.out"
rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ocsp-006_1.out"
rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-006_1.out"
rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-ocsp-006_1.out"
rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ocsp-006_1.out"
+ rlPhaseEnd
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-show $user1 > $TmpDir/pki-user-add-ocsp-006.out" \
- 0 \
- "Show pki OCSP user"
-
- rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-ocsp-006.out"
- rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-006.out"
- rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-006.out"
- rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ocsp-006.out"
- rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-006.out"
- rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-ocsp-006.out"
- rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ocsp-006.out"
- rlLog "Clean-up:"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-del $user1" \
- 0 \
- "Delete user from OCSP"
-
- rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-007: Add user to multiple groups"
- user=multigroup_user
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-039: Add user to multiple groups"
+ user=u24
userfullname="Multiple Group User"
email="multiplegroup@myemail.com"
user_password="admin2Password"
phone="1234567890"
state="NC"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add --fullName=\"$userfullname\" \
- --email $email \
- --password $user_password \
- --phone $phone \
- --state $state \
- $user"
-
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
user-add --fullName=\"$userfullname\" \
--email $email \
--password $user_password \
--phone $phone \
--state $state \
- $user" \
+ $user > $TmpDir/pki-user-add-ocsp-006.out " \
0 \
- "Add user $user using OCSP_adminV"
-
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-ocsp-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-ocsp-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-ocsp-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ocsp-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ocsp-006.out"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- group-add-member Administrators $user > $TmpDir/pki-user-add-ocsp-007_1.out" \
+ group-member-add Administrators $user > $TmpDir/pki-user-add-ocsp-007_1.out" \
0 \
"Add user $user to Administrators group"
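Review bot: Both accounts created in this hunk outlive their phase: the `user-del $user1` clean-up of OCSP-038 is removed without a replacement for `u23`, and `u24` from OCSP-039, created with `--password $user_password` (`admin2Password`), is added to the Administrators group with no deletion visible here. Unless a teardown phase outside this hunk removes them, an instance that is reused after the run keeps an administrator account whose password is in the repository. A final clean-up phase that runs `user-del u23` and `user-del $user` with the same `-h`, `-p` and `-t ocsp` options would close that. The removed `user-show` check is also worth keeping, since the phase now asserts only what `user-add` printed and no longer that the entry was stored.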
@@ -970,220 +803,746 @@ run_pki-user-cli-user-add-ocsp_tests(){
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ocsp-007_1.out"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- group-find-member Administrators > $TmpDir/pki-user-add-ocsp-007.out" \
+ group-member-find Administrators > $TmpDir/pki-user-add-ocsp-007.out" \
0 \
- "Show pki group-find-member Administrators"
+ "Show pki group-member-find Administrators"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- group-add-member \"Certificate Manager Agents\" $user > $TmpDir/pki-user-add-ocsp-007_1_1.out" \
+ group-member-add \"Online Certificate Status Manager Agents\" $user > $TmpDir/pki-user-add-ocsp-007_1_1.out" \
0 \
- "Add user $user to Administrators group"
+ "Add user $user to Online Certificate Status Manager Agents"
rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-ocsp-007_1_1.out"
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ocsp-007_1_1.out"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- group-find-member \"Certificate Manager Agents\" > $TmpDir/pki-user-add-ocsp-007_2.out" \
+ group-member-find \"Online Certificate Status Manager Agents\" > $TmpDir/pki-user-add-ocsp-007_2.out" \
0 \
- "Show pki group-find-member Administrators"
+ "Show pki group-member-find Online Certificate Status Manager Agents"
rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ocsp-007_2.out"
-
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-del $user" \
- 0 \
- "Delete user $user "
-
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-008: Add user with --password "
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-040: Add user with --password less than 8 characters"
userpw="pass"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-ocsp-008.out 2>&1"
expmsg="PKIException: The password must be at least 8 characters"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-ocsp-008.out 2>&1" \
- 1 \
+ 255 \
"Add a user --must be at least 8 characters --password"
rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-008.out"
-
rlPhaseEnd
##### Tests to add users using revoked cert#####
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-009: Cannot add user using a revoked cert OCSP_adminR"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-041: Should not be able to add user using a revoked cert OCSP_adminR"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminR \
+ -n ${prefix}_adminR \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-revoke-adminR-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a user having revoked cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-revoke-adminR-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-009_1: Cannot add user using a agent or a revoked cert OCSP_agentR"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-042: Should not be able to add user using a agent with revoked cert OCSP_agentR"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_agentR \
+ -n ${prefix}_agentR \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-revoke-agentR-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a user having revoked cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-revoke-agentR-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
rlPhaseEnd
##### Tests to add users using an agent user#####
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0010: Cannot add user using a OCSP_agentV user"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_agentV \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-043: Should not be able to add user using a valid agent OCSP_agentV user"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_agentV \
+ -n ${prefix}_agentV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentV-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ocsp-agentV-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-agentV-002.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0011: Cannot add user using a OCSP_agentR user"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_agentR \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentR-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-agentR-002.out"
+ ##### Tests to add users using OCSP_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-044: Should not be able to add user using a OCSP_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-agentUTCA-002.out"
rlPhaseEnd
+
##### Tests to add users using expired cert#####
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0012: Cannot add user using a OCSP_adminE cert"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_adminE \
- -c $CERTDB_DIR_PASSWORD \
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-045: Should not be able to add user using admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminE \
+ -n ${prefix}_adminE \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-adminE-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "RuntimeException: java.io.IOException: SocketException cannot read on socket" "$TmpDir/pki-user-add-ocsp-adminE-002.out"
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ocsp-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0013: Cannot add user using a OCSP_agentE cert"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-046: Should not be able to add user using OCSP_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_agentE \
+ -n ${prefix}_agentE \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_agentE \
+ -n ${prefix}_agentE \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentE-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a agent cert"
- rlAssertGrep "RuntimeException: java.io.IOException: SocketException cannot read on socket" "$TmpDir/pki-user-add-ocsp-agentE-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ocsp-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
rlPhaseEnd
##### Tests to add users using audit users#####
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0012: Cannot add user using a OCSP_auditV"
-
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_auditV \
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-047: Should not be able to add user using a OCSP_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_auditV \
+ -n ${prefix}_auditV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-auditV-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a audit cert"
- rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ocsp-auditV-002.out"
+ 255 \
+ "Should not be able to add user $user1 using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-auditV-002.out"
rlPhaseEnd
- ##### Tests to add users using operator user###
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0013: Cannot add user using a OCSP_operatorV"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n OCSP_operatorV \
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-048: Should not be able to add user using a OCSP_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-049: Should not be able to add user using a cert created from a untrusted OCSP OCSP_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test \"$user_length_exceed_max\""
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_operatorV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-operatorV-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a operator cert"
- rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ocsp-operatorV-002.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-ocsp-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-ocsp-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ocsp-001_50.out"
rlPhaseEnd
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-051: fullname with i18n characters"
+ rlLog "user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-user-add-ocsp-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-user-add-ocsp-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-add-ocsp-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-add-ocsp-001_51.out"
+ rlPhaseEnd
- ##### Tests to add users using OCSP_adminUTOCSP and OCSP_agentUTOCSP user's certificate will be issued by an untrusted OCSP users#####
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0014: Cannot add user using a OCSP_adminUTOCSP"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-052: fullname with i18n characters"
+ rlLog "user-add fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u27 > $TmpDir/pki-user-add-ocsp-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-user-add-ocsp-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-user-add-ocsp-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-add-ocsp-001_52.out"
+ rlPhaseEnd
- rlLog "Executing: pki -d /tmp/untrusted_cert_db \
- -n OCSP_adminUTOCSP \
- -c Password \
- user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d /tmp/untrusted_cert_db \
- -n OCSP_adminUTOCSP \
- -c Password \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-adminUTOCSP-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a untrusted cert"
- rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-adminUTOCSP-002.out"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-053: fullname with i18n characters"
+ rlLog "user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-user-add-ocsp-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-user-add-ocsp-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-ocsp-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-user-add-ocsp-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u28 > $TmpDir/pki-user-add-ocsp-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-user-add-ocsp-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-ocsp-001_53_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_add-OCSP-0014: Cannot add user using a OCSP_agentUTOCSP"
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-054: fullname with i18n characters"
+ rlLog "user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-user-add-ocsp-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-user-add-ocsp-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-ocsp-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u29 > $TmpDir/pki-user-add-ocsp-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-user-add-ocsp-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-ocsp-001_54_2.out"
+ rlPhaseEnd
- rlLog "Executing: pki -d /tmp/untrusted_cert_db \
- -n OCSP_agentUTOCSP \
- -c Password \
- user-add --fullName=\"$user1fullname\" $user1"
- rlRun "pki -d /tmp/untrusted_cert_db \
- -n OCSP_agentUTOCSP \
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-055: fullname with i18n characters"
+ rlLog "user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-user-add-ocsp-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-user-add-ocsp-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-ocsp-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u30 > $TmpDir/pki-user-add-ocsp-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-user-add-ocsp-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-ocsp-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-056: user id with i18n characters"
+ rlLog "user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-057: userid with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-058: email address with i18n characters"
+ rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t ocsp user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-059: email address with i18n characters"
+ rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="IncorrectPasswordException: Incorrect client security database password."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-060: password with i18n characters"
+ rlLog "user-add password šimtaskolmkümmend with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-user-add-ocsp-001_60.out 2>&1" \
+ 0 \
+ "Adding password šimtaskolmkümmend with i18n characters"
+ rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-user-add-ocsp-001_60.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u31 > $TmpDir/pki-user-add-ocsp-001_60_2.out" \
+ 0 \
+ "Show user u31 with password šimtaskolmkümmend in i18n characters"
+ rlAssertGrep "User \"u31\"" "$TmpDir/pki-user-add-ocsp-001_60_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-061: password with i18n characters"
+ rlLog "user-add password двадцяттридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-user-add-ocsp-001_61.out 2>&1" \
+ 0 \
+ "Adding password двадцяттридцять with i18n characters"
+ rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-user-add-ocsp-001_61.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u32 > $TmpDir/pki-user-add-ocsp-001_61_2.out" \
+ 0 \
+ "Show user u32 with password двадцяттридцять in i18n characters"
+ rlAssertGrep "User \"u32\"" "$TmpDir/pki-user-add-ocsp-001_61_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-062: type with i18n characters"
+ rlLog "user-add type tjugo-tvåhetvenhét with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-user-add-ocsp-001_62.out 2>&1" \
+ 0 \
+ "Adding type tjugo-tvåhetvenhét with i18n characters"
+ rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-user-add-ocsp-001_62.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-ocsp-001_62.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u33 > $TmpDir/pki-user-add-ocsp-001_62_2.out" \
+ 0 \
+ "Show user u33 with type tjugo-tvåhetvenhét in i18n characters"
+ rlAssertGrep "User \"u33\"" "$TmpDir/pki-user-add-ocsp-001_62_2.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-ocsp-001_62_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-063: type with i18n characters"
+ rlLog "user-add type мiльйонтридцять with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type='мiльйонтридцять' u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-user-add-ocsp-001_63.out 2>&1" \
+ 0 \
+ "Adding type мiльйонтридцять with i18n characters"
+ rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-user-add-ocsp-001_63.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-ocsp-001_63.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u34 > $TmpDir/pki-user-add-ocsp-001_63_2.out" \
+ 0 \
+ "Show user u34 with type мiльйонтридцять in i18n characters"
+ rlAssertGrep "User \"u34\"" "$TmpDir/pki-user-add-ocsp-001_63_2.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-ocsp-001_63_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-064: state with i18n characters"
+ rlLog "user-add state čå with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state='čå' u35 > $TmpDir/pki-user-add-ocsp-001_64.out 2>&1" \
+ 0 \
+ "Adding state 'čå' with i18n characters"
+ rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-user-add-ocsp-001_64.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-ocsp-001_64.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u35 > $TmpDir/pki-user-add-ocsp-001_64_2.out" \
+ 0 \
+ "Show user u35 with state čå in i18n characters"
+ rlAssertGrep "User \"u35\"" "$TmpDir/pki-user-add-ocsp-001_64_2.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-ocsp-001_64_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-065: state with i18n characters"
+ rlLog "user-add state йč with i18n characters"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state='йč' u36 > $TmpDir/pki-user-add-ocsp-001_65.out 2>&1" \
+ 0 \
+ "Adding state 'йč' with i18n characters"
+ rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-user-add-ocsp-001_65.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-ocsp-001_65.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u36 > $TmpDir/pki-user-add-ocsp-001_65_2.out" \
+ 0 \
+ "Show user u36 with state йč in i18n characters"
+ rlAssertGrep "User \"u36\"" "$TmpDir/pki-user-add-ocsp-001_65_2.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-ocsp-001_65_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-066: Should not be able to add user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
-c Password \
- user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentUTOCSP-002.out 2>&1" \
- 1 \
- "Cannot add user $user1 using a untrusted cert"
- rlAssertGrep "RuntimeException: java.net.SocketException: Object not found: org.mozilla.jss.crypto.ObjectNotFoundException" "$TmpDir/pki-user-add-ocsp-agentUTOCSP-002.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user u39"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-067: Should not be able to add user using Normal user credential"
+ local pki_user="idm1_user_1"
+ local pki_user_fullName="Idm1 User 1"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t ocsp \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t ocsp \
+ user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authentication method not allowed."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-OCSP-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t ocsp \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t ocsp \
+ user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del '$usr' > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+ expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del $pki_user > $TmpDir/pki-user-del-user-ocsp-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-user-del-user-ocsp-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "OCSP instance not created."
+ fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh
new file mode 100755
index 000000000..01fc84417
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh
@@ -0,0 +1,2405 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-add-ocsp Add certs to users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-add-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-add-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to add certs to OCSP users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-002: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_002crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ ##### Add expired cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-004: Adding expired cert to a user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user2fullname\" $user2"
+ local validityperiod="1 day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_expiredcert_004pkcs10.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_expiredcert_004pkcs10.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_004crmf.out > $TmpDir/pki_ocsp_user_cert_add_expiredcert_004crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_expiredcert_004crmf.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+rlPhaseEnd
+
+#### Add a revoked cert to a user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-005: Add revoked cert to a user should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_ocsp_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_005crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_005crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_ocsp_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out"
+
+rlPhaseEnd
+
+ ##### Add one cert to a user - User ID missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-006-tier1: Add one cert to a user should fail when USER ID is missing"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_006pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_006crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_006crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_006pkcs10.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_006crmf.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-007-tier1: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_009crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_ocsp_user_cert-add-ocsp-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'ClonedSubsystems' #####
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'"
+ local userid="ClonedSubsystems_user"
+ local userFullname="ClonedSubsystems User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Trusted Managers' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0018: Add cert to a user of type 'Trusted Managers'"
+ local userid="Trusted_Managers_user"
+ local userFullname="Trusted Managers User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Usability Tests #####
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user #####
+
+rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add Administrators admin_user > $TmpDir/pki-ocsp-user-add-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-ocsp-user-add-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_ocsp_user_cert_add_useradd_0019.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del new_test_user2"
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid agent user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-OCSP-0020: Adding a cert as a OCSP agent user should fail"
+ local userid="new_user1"
+ local userFullname="New User1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0021pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0021crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0021pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid OCSP agent user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0021crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid OCSP agent user"
+
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid auditor user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0021: Adding a cert as valid OCSP auditor user should fail"
+ local userid="new_user2"
+ local userFullname="New User2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0022pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0022crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0022pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a OCSP auditor user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0022crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as "
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as an admin user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0022: Adding a cert as OCSP_adminE should fail"
+ local userid="new_user3"
+ local userFullname="New User3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $OCSP_HOST -p $OCSP_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $OCSP_HOST -p $OCSP_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_adminUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as OCSP_agentUTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0027: Adding a cert as OCSP_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_agentUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user OCSP_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an OCSP_operatorV #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-OCSP-add-0028: Adding a cert as OCSP_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_user_cli_user_cert-OCSP-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add one cert to a user with both --serial and --input options ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0033: Add one cert to a user with --serial and --input options should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_user_cli_ocsp_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0035: Add one cert to a user with missing argument for --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $userid"
+rlPhaseEnd
+#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification"
+# local userid="new_adminV"
+# local username="NEW CA Admin User"
+# cat /etc/redhat-release | grep "Fedora"
+# if [ $? -eq 0 ] ; then
+# FLAVOR="Fedora"
+# rlLog "Automation is running against Fedora"
+# else
+# FLAVOR="RHEL"
+# rlLog "Automation is running against RHEL"
+# fi
+# rhcs_install_set_ldap_vars
+# rlRun "mkdir $NEWCA_CLIENT_DIR"
+# rlRun "mkdir $NEWCA_CERTDB_DIR"
+# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME"
+# rlRun "sleep 10"
+# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG
+# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG
+# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS"
+# rlRun "sleep 10"
+# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+#
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \
+# 0 \
+# "Add user $userid to Administrators group"
+#
+# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem"
+
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \
+# 0 \
+# "Added cert to user $userid"
+
+# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+
+# rlRun "systemctl restart pki-tomcatd@pki-new.service"
+# rlRun "sleep 10"
+# rlRun "systemctl restart pki-tomcatd@pki-master.service"
+# rlRun "sleep 10"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n $userid \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+
+# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\""
+
+# rlRun "pkidestroy -s CA -i pki-new"
+# rlRun "sleep 10"
+# rlRun "remove-ds.pl -f -i slapd-pki-newca"
+# rlRun "sleep 10"
+# rlRun "rm -rf $NEWCA_CLIENT_DIR"
+# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh
new file mode 100755
index 000000000..c02f683d2
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh
@@ -0,0 +1,881 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-delete-ocsp Delete the certs assigned to users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-delete-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-delete-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Tests to delete certs assigned to OCSP users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-002-tier1: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_002pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_002pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-003: pki user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-004: pki user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-005: pki user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-006-tier1: pki user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-007-tier1: pki user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-008: Delete certs assigned to a user - as OCSP_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_auditorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-009: Delete certs assigned to a user - as OCSP_auditorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0010: Delete certs assigned to a user - as OCSP_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0011: Delete certs assigned to a user - as OCSP_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0012: Delete certs assigned to a user - as OCSP_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0013: Delete certs assigned to a user - as OCSP_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as OCSP_operatorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-OCSP-0015: Delete certs assigned to a user - as OCSP_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to OCSP users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add Administrators admin_user > $TmpDir/pki-user-add-ocsp-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-ocsp-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_ocsp_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh
new file mode 100755
index 000000000..68957e67f
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh
@@ -0,0 +1,1127 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-find-ocsp Finding the certs assigned to users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-find-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user=${caId}_agentV
+admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Find certs assigned to a OCSP user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-002: Find the certs of a user in OCSP --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 > $TmpDir/pki_ocsp_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-003: Find the certs of a user in OCSP --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 > $TmpDir/pki_ocsp_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-004: Find the certs of a user in OCSP --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-005: Find the certs of a user in OCSP --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user3 > $TmpDir/pki_ocsp_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_ocsp_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-006: Find the certs of a user in OCSP --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --size=2 > $TmpDir/pki_ocsp_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_ocsp_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-007: Find the certs of a user in OCSP --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --size=0 > $TmpDir/pki_ocsp_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-008: Find the certs of a user in OCSP --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-009: Find the certs of a user in OCSP --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --size=50 > $TmpDir/pki_ocsp_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-010: Find the certs of a user in OCSP --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=2 > $TmpDir/pki_ocsp_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_ocsp_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-011: Find the certs of a user in OCSP --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=0 > $TmpDir/pki_ocsp_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-012: Find the certs of a user in OCSP --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=0 > $TmpDir/pki_ocsp_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=-1 ####
+
+rlPhaseStartTest "pki_user_cli_ocsp_user_cert-find-ocsp-013: Find the certs of a user in OCSP --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=50 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-014: Find the certs of a user in OCSP --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=50 > $TmpDir/pki_ocsp_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-015: Find the certs of a user in OCSP --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_ocsp_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-016: Find the certs of a user in OCSP --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $newuserid > $TmpDir/pki_ocsp_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-017: Find the certs of a user in OCSP --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-018: Find the certs of a user in OCSP --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_ocsp_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_ocsp_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-019: Find the certs of a user in OCSP --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_ocsp_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-020: Find the certs of a user in OCSP --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_ocsp_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_ocsp_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a OCSP user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-021: Find the certs of a user in OCSP --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_ocsp_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to OCSP users - i18n characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-find $user1 > $TmpDir/pki_ocsp_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-023: Find the certs of a user as OCSP_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as a valid auditor user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-024: Find the certs of a user as OCSP_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-025: Find the certs of a user as OCSP_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-026: Find the certs of a user as OCSP_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-027: Find the certs of a user as OCSP_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-028: Find the certs of a user as OCSP_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as a user whose OCSP cert has not been trusted ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-031: Find the certs of a user as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - userid is missing ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a OCSP user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh
new file mode 100755
index 000000000..9305388e7
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh
@@ -0,0 +1,1119 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-show-ocsp Show the certs assigned to users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-show-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-show-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to find certs assigned to OCSP users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_002crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_002crmf.pem"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-003: pki user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-004: pki user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-005: pki user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-006-tier1: pki user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-007-tier1: pki user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-009: pki user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0013: pki user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0014: pki user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0015: pki user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0017: pki user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_pkcs10_output0019 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_crmf_output0019 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0020: Show certs assigned to a user - as OCSP_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_auditorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0021: Show certs assigned to a user - as OCSP_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0022: Show certs assigned to a user - as OCSP_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0023: Show certs assigned to a user - as OCSP_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0024: Show certs assigned to a user - as OCSP_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0025: Show certs assigned to a user - as OCSP_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as OCSP operator user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0027: Show certs assigned to a user - as OCSP operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_pkcs10_output0028 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_crmf_output0028 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0028"
+ rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as a user not associated with any role#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0029: Show certs assigned to a user - as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - switch position of the required options#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0030: Show certs assigned to a user - switch position of the required options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2"
+ errmsg="User Not Found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/968"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - incomplete Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0031: pki user-cert-show should fail if an incomplete Cert ID is provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+ rlPhaseEnd
+
+ ### Tests to show certs assigned to OCSP users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-032: Show certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0032pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0032crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_crmf_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out"
+
+ rlPhaseEnd
+
+ #===Deleting users===#
+rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "OCSP instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh
index cfd6e90c1..6c29b0e22 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh
@@ -3,17 +3,17 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-del CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-del Delete pki subsystem OCSP users.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Author: Asha Akkiangady <aakkiang@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
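Review bot: The rewritten header block of pki-user-cli-user-del-ocsp.sh names the command under test, but it still does not say how the suite is invoked or what it does to the host it runs on. In the next hunk of this file, `run_pki-user-cli-user-del-ocsp_tests` reads five positional arguments (`subsystemId`, `SUBSYSTEM_TYPE`, `MYROLE`, `caId`, `CA_HOST`), and the expired-certificate cases run `date --set='+2 days'`, so a run presumably needs the privilege to set the clock and shifts system time while it executes. Since the header is being edited anyway, I would add `# Usage: run_pki-user-cli-user-del-ocsp_tests <subsystemId> <SUBSYSTEM_TYPE> <MYROLE> <caId> <CA_HOST>` and `# Run only on a dedicated test host: the expired-cert cases change the system clock with date --set.` to it.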
@@ -37,57 +37,694 @@
. /opt/rhqa_pki/rhcs-shared.sh
. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/env.sh
-
-
-########################################################################
-# Test Suite Globals
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-del.sh
########################################################################
run_pki-user-cli-user-del-ocsp_tests(){
- rlPhaseStartSetup "pki_user_cli_user_add-ocsp-startup:Getting nss certificate db "
- rlLog "Certificate directory = $CERTDB_DIR"
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-ocsp-configtest-001: pki user-del --help configuration test"
+ rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out"
rlPhaseEnd
- rlPhaseStartCleanup "pki_user_cli_user_add-cleanup: Delete temp dir"
- del_user=($OCSP_adminV_user $OCSP_adminR_user $OCSP_adminE_user $OCSP_adminUTOCSP_user $OCSP_agentV_user $OCSP_agentR_user $OCSP_agentE_user $OCSP_agentUTOCSP_user $OCSP_auditV_user $OCSP_operatorV_user)
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-ocsp-configtest-002: pki user-del configuration test"
+ rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out"
+ rlPhaseEnd
- #===Deleting users created using OCSP_adminV cert===#
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-003: Delete valid users"
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ #positive test cases
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+
+ #===Deleting users created using ${prefix}_adminV cert===#
i=1
while [ $i -lt 25 ] ; do
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user1-00$i.out" \
0 \
"Deleted user u$i"
- rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user1-00$i.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u$i"
+ errmsg="UserNotFoundException: User u$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let i=$i+1
+ done
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval usr=\$user$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user $usr"
let i=$i+1
done
- #===Deleting users(symbols) created using OCSP_adminV cert===#
+
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
j=1
while [ $j -lt 8 ] ; do
eval usr=\$user$j
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
- 0 \
- "Deleted user $usr"
- rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user2-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
let j=$j+1
done
- i=0
- while [ $i -lt ${#del_user[@]} ] ; do
- userid_del=${del_user[$i]}
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-004: Case sensitive userid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user user_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- user-del $userid_del > $TmpDir/pki-user-del-ocsp-00$i.out" \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del USER_ABC > $TmpDir/pki-user-del-ocsp-user-002_1.out" \
0 \
- "Deleted user $userid_del"
- rlAssertGrep "Deleted user \"$userid_del\"" "$TmpDir/pki-user-del-ocsp-00$i.out"
- let i=$i+1
- done
+ "Deleted user USER_ABC userid is not case sensitive"
+ rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-ocsp-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del > $TmpDir/pki-user-del-ocsp-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-ocsp-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-006: Maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-ocsp-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del \"$user2\" > $TmpDir/pki-user-del-ocsp-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-ocsp-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-007: userid with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ userid=$userid$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test '$userid' > $TmpDir/pki-user-add-ocsp-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del '$userid' > $TmpDir/pki-user-del-ocsp-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-ocsp-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show '$userid' > $TmpDir/pki-user-del-ocsp-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-user-del-ocsp-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test ocsp_agent"
+ email="ocsp_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-user-add-ocsp-008.out" \
+ 0 \
+ "Add user $user1 to OCSP -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del $user1 > $TmpDir/pki-user-del-ocsp-user-008.out" \
+ 0 \
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-ocsp-user-008.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-ocsp-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u22 > $TmpDir/pki-user-del-ocsp-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t ocsp option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-ocsp-user-009.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-010: Should not be able to delete user using a revoked cert OCSP_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-ocsp-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u23 > $TmpDir/pki-user-show-ocsp-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ocsp-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ocsp-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-011: Should not be able to delete user using a agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u23 > $TmpDir/pki-user-show-ocsp-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ocsp-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ocsp-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u23 > $TmpDir/pki-user-del-ocsp-002_2.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-012: Should not be able to delete user using a valid agent OCSP_agentV user"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-user-add-ocsp-012.out" \
+ 0 \
+ "Add user u24 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-003.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-003.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-003.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-013: Should not be able to delete user using a admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-004.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-004.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-004.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-014: Should not be able to delete a user using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-005.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-005.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-005.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-015: Should not be able to delete user using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-016: Should not be able to delete user using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-ocsp-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-009.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-009.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-009.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-009.out"
+
+ #Cleanup:delete user u24
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u24 > $TmpDir/pki-user-del-ocsp-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-019: delete user name with i18n characters"
+ rlLog "user-add username ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-user-add-ocsp-001_19.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ocsp-001_19.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ocsp-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u19 > $TmpDir/pki-user-del-ocsp-001_19_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÖrjanÄke i18n characters"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-ocsp-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u19"
+ errmsg="UserNotFoundException: User u19 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-OCSP-020: delete username with i18n characters"
+ rlLog "user-add username ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-user-add-ocsp-001_20.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-ocsp-001_20.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-ocsp-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u20 > $TmpDir/pki-user-del-ocsp-001_20_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÉricTêko i18n characters"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ocsp-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u20"
+ errmsg="UserNotFoundException: User u20 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+ rlPhaseStartCleanup "pki_user_cli_user_del-ocsp_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh
index d1db22d65..8517848b3 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh
@@ -3,17 +3,17 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-find CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-find To list users in OCSP.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Author: Asha Akkiangady <aakkiang@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
@@ -35,178 +35,769 @@
. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh
. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
. /opt/rhqa_pki/env.sh
########################################################################
-# Test Suite Globals
-########################################################################
-
-user1="ocsp_agent2"
-user1fullname="Test ocsp_agent"
-
-
+#create_role_users.sh should be first executed prior to pki-user-cli-user-find.sh
########################################################################
run_pki-user-cli-user-find-ocsp_tests(){
- rlPhaseStartSetup "pki_user_cli_user_find-startup: Getting nss certificate db"
- admin_cert_nickname="PKI Administrator for $OCSP_DOMAIN"
- CERTDB_DIR_PASSWORD="Password"
- rlLog "Admin Certificate is located at: $OCSP_ADMIN_CERT_LOOCSPTION"
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
- rlLog "Temp Directory = $TmpDir"
- rlRun "mkdir $CERTDB_DIR"
- rlLog "importP12File $OCSP_ADMIN_CERT_LOOCSPTION $OCSP_CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname"
- rlRun "importP12File $OCSP_ADMIN_CERT_LOOCSPTION $OCSP_CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" 0 "Import Admin certificate to $CERTDB_DIR"
- rlRun "install_and_trust_OCSP_cert $OCSP_SERVER_ROOT $CERTDB_DIR"
- rlPhaseEnd
+ rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-OCSP-add: Add users to OCSP"
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ user1=ocsp_agent2
+ user1fullname="Test ocsp_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
+ rlPhaseStartSetup "pki_user_cli_user_find-ocsp-startup-addusers: Add users"
i=1
- while [ $i -le 5 ] ; do
- rlLog "Adding user user1$i"
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-add --fullName=\"fullname1$i\" user1$i > $TmpDir/pki-user-find-ocsp-a00$i.out 2>&1" \
- 0 \
- "Add user user1$i to OCSP"
- rlAssertGrep "Added user \"user1$i\"" "$TmpDir/pki-user-find-ocsp-a00$i.out"
- rlAssertGrep "User ID: user1$i" "$TmpDir/pki-user-find-ocsp-a00$i.out"
- rlAssertGrep "Full name: fullname1$i" "$TmpDir/pki-user-find-ocsp-a00$i.out"
- let i=$i+1
- done
- rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-001: Find 5 users, --size=5"
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-configtest-001: pki user-find --help configuration test"
+ rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help"
+ rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-configtest-002: pki user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find"
+ rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-003: Find 5 users, --size=5"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=5 > $TmpDir/pki-user-find-ocsp-001.out 2>&1" \
- 0 \
- "Found 5 users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=5 > $TmpDir/pki-user-find-ocsp-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-find-ocsp-001.out"
rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-002: Find non user, --size=0"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-004: Find non user, --size=0"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=0 > $TmpDir/pki-user-find-ocsp-002.out 2>&1" \
- 0 \
- "Found no users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=0 > $TmpDir/pki-user-find-ocsp-002.out 2>&1" \
+ 0 \
+ "Found no users"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-002.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-003: Find all users, maximum possible value as input"
- maximum_check=1000000
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-005: Find all users, large value as input"
+ large_num=1000000
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$maximum_check > $TmpDir/pki-user-find-ocsp-003.out 2>&1" \
- 0 \
- "All users"
- rlAssertGrep "Number of entries returned " "$TmpDir/pki-user-find-ocsp-003.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$large_num > $TmpDir/pki-user-find-ocsp-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-user-find-ocsp-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-004: Find users, check for negative input --size=-1"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=-1 > $TmpDir/pki-user-find-ocsp-004.out 2>&1" \
- 0 \
- "No users returned as the size entered is negative value"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-ocsp-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-user-find-ocsp-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-ocsp-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-ocsp-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=-1 > $TmpDir/pki-user-find-ocsp-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-004.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-005: Find users for size input as noninteger, --size=abc"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-009: Find users for size input as noninteger, --size=abc"
size_noninteger="abc"
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$size_noninteger > $TmpDir/pki-user-find-ocsp-005.out 2>&1"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size=$size_noninteger > $TmpDir/pki-user-find-ocsp-005.out 2>&1" \
- 1 \
- "Found 5 users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$size_noninteger > $TmpDir/pki-user-find-ocsp-005.out 2>&1" \
+ 255 \
+ "No users returned"
rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-ocsp-005.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-006: Find users, check for no input --size= "
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-010: Find users, check for no input --size="
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --size= > $TmpDir/pki-user-find-ocsp-006.out 2>&1" \
- 1 \
- "No users returned, as --size= "
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size= > $TmpDir/pki-user-find-ocsp-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-ocsp-006.out"
rlPhaseEnd
-
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-007: Find users, --start=10 "
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find > $TmpDir/pki-user-find-ocsp-007_1.out 2>&1" \
+ 0 \
+ "Get all users in OCSP"
+ user_entry_10=`cat $TmpDir/pki-user-find-ocsp-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=10 > $TmpDir/pki-user-find-ocsp-007.out 2>&1" \
- 0 \
- "Displays users from the 10th user and the next to the maximum 20 users, if available "
- rlAssertGrep "Number of entries returned " "$TmpDir/pki-user-find-ocsp-007.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=10 > $TmpDir/pki-user-find-ocsp-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat $TmpDir/pki-user-find-ocsp-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-ocsp-007.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-008: Find users, --start=10000, maximum possible input "
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-012: Find users, --start=10000, large possible input"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=10000 > $TmpDir/pki-user-find-ocsp-008.out 2>&1" \
- 0 \
- "No users"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=10000 > $TmpDir/pki-user-find-ocsp-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-008.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-009: Find users, --start=0"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=$maximum_check"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=0 > $TmpDir/pki-user-find-ocsp-009.out 2>&1" \
- 0 \
- "Displays from the zeroth user, maximum possible are 20 users in a page"
- rlAssertGrep "Number of entries returned" "$TmpDir/pki-user-find-ocsp-009.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-ocsp-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-008_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-0010: Find users, --start=-1"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=$maximum_check"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=-1 > $TmpDir/pki-user-find-ocsp-0010.out 2>&1" \
- 0 \
- "Maximum possible 20 users are returned, starting from the zeroth user"
- rlAssertGrep "Number of entries returned" "$TmpDir/pki-user-find-ocsp-0010.out"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-ocsp-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-ocsp-008_3.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_find-ocsp-0011: Find users for size input as noninteger, --start=abc"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=0 > $TmpDir/pki-user-find-ocsp-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-ocsp-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=-1 > $TmpDir/pki-user-find-ocsp-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-user-find-ocsp-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-017: Find users for size input as noninteger, --start=abc"
size_noninteger="abc"
rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-find --start=$size_noninteger > $TmpDir/pki-user-find-ocsp-0011.out 2>&1" \
- 1 \
- "Incorrect input to find user"
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=$size_noninteger > $TmpDir/pki-user-find-ocsp-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-ocsp-0011.out"
rlPhaseEnd
- rlPhaseStartTest "Cleanup: Delete the OCSP users"
- i=1
- while [ $i -le 5 ] ; do
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- user-del user1$i" \
- 0 \
- "Delete user user1$i"
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start= > $TmpDir/pki-user-find-ocsp-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-ocsp-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find > $TmpDir/pki-user-find-ocsp-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in OCSP"
+ user_entry_12=`cat $TmpDir/pki-user-find-ocsp-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=12 --size=12 > $TmpDir/pki-user-find-ocsp-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-user-find-ocsp-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-find-ocsp-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find > $TmpDir/pki-user-find-ocsp-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in OCSP"
+ user_entry_12=`cat $TmpDir/pki-user-find-ocsp-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=12 --size=0 > $TmpDir/pki-user-find-ocsp-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-021: Should not be able to find user using a revoked cert OCSP_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-022: Should not be able to find users using an agent with revoked cert OCSP_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-023: Should not be able to find users using a valid agent OCSP_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ocsp-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-025: Should not be able to find users using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-ocsp-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-026: Should not be able to find users using OCSP_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-ocsp-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-027: Should not be able to find users using a OCSP_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ocsp-auditV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-028: Should not be able to find users using a OCSP_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ocsp-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -t ocsp \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ -t ocsp \
+ user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password -t ocsp user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-031: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-user-find-ocsp-001_31.out 2>&1" \
+ 0 \
+ "Adding fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-ocsp-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-ocsp-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-ocsp-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-ocsp-032: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-ocsp-001_32.out 2>&1" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-ocsp-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-ocsp-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-ocsp-001_32_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 27 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out"
let i=$i+1
done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh
new file mode 100755
index 000000000..9e59ccbac
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh
@@ -0,0 +1,840 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-add Add OCSP user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-ocsp.sh
+######################################################################################
+
+########################################################################
+run_pki-user-cli-user-membership-add-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-002: pki user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-find Find user memberships" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-003: pki user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-add --help"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-004: pki user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-005: Add users to available groups using valid admin user OCSP_adminV"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-006: Add a user to all available groups using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show userall > $TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show user1 > $TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"$dummy_group\""
+ rlLog "Executing: $command"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-009: Should be able to user-membership-add user name with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÖrjanÄke' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='ÖrjanÄke' u9" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add u9 \"Administrators\""
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-ocsp-009_2.out" \
+ 0 \
+ "Adding user with fullname ÖrjanÄke to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-009_2.out"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-ocsp-009_2.out"
+ rlLog "Check if the user is added to the group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-find u9"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-009_3.out" \
+ 0 \
+ "Check user with fullname ÖrjanÄke added to group Administrators"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-009_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-010: Should be able to user-membership-add user to group id with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-010_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u10 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-010_3.out" \
+ 0 \
+ "Check user ÉricTêko added to group dadministʁasjɔ̃"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-011: Should not be able to user-membership-add using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminR -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-012: Should not be able to user-membership-add using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n ${OCSP_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-013: Should not be able to user-membership-add using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminE -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-014: Should not be able to user-membership-add using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${OCSP_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using OCSP_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-015: Should not be able to user-membership-add using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${OCSP_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using OCSP_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-016: Should not be able to user-membership-add using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${OCSP_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using OCSP_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-017: Should not be able to user-membership-add using OCSP_admin_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-018: User associated with Administrators group only can create a new user"
+ local user2="testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-user-membership-add-user-add-ocsp-user2-018.out" \
+ 0 \
+ "Adding user $user2"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "$gid"
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding $user2 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user2 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user2 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-$user2-00$i.out" \
+ 0 \
+ "Adding user to all groups except administrators group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user2-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user2-00$i.out"
+ fi
+ let i=$i+1
+ done
+ rlLog "Check users group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out" \
+ 0 \
+ "Find user-membership to groups of $user2"
+ rlAssertGrep "7 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlAssertNotGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ rlLog "$user2 is not added to $gid"
+ else
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \
+ \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $OCSP_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${OCSP_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ #Trying to add a user using $user2 should fail since $user2 is not in Administrators group
+ local expfile="$TmpDir/expfile_$user2.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ocsp-$user2-002.out" 255 "Should not be able to add users using a non Administrator user"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-$user2-002.out"
+
+ #Add $user2 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-usertest2-019_2.out" \
+ 0 \
+ "Adding user $user2 to group \"$groupid4\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest2-019_2.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest2-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest1-019_3.out" \
+ 0 \
+ "Check user-membership to group \"$groupid4\""
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest1-019_3.out"
+
+ #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n $user2 \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test_user u19 > $TmpDir/pki-user-add-ocsp-019_4.out" \
+ 0 \
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ocsp-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ocsp-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ocsp-019_4.out"
+ rlPhaseEnd
+
+ #Usability test
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-019: User associated with Certificate Manager Agents group only can list CAs"
+ local user3="testuser3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user3\" $user3 > $TmpDir/pki-user-membership-add-user-add-ocsp-user3-019.out" \
+ 0 \
+ "Adding user $user3"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user3 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user3 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-$user3-00$i.out" \
+ 0 \
+ "Adding user to all groups except Data Recovery Manager Agents group - now adding to \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user3-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user3-00$i.out"
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User3\" \"$user3\" \
+ \"$user3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $OCSP_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user3 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_020_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${OCSP_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-cert-add $user3 --input $TmpDir/validcert_020_1.pem > $TmpDir/useraddcert_020_2.out" \
+ 0 \
+ "Cert is added to the user $user3"
+
+ rlLog "Check $user3 is not in group Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find $user3 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_1.out" \
+ 0 \
+ "Check user-membership to group \"$groupid1\""
+ rlAssertNotGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_1.out"
+
+ #Trying to perform List CAs using $user3's cert should fail
+ local request_header_out="$TmpDir/request_header_out"
+ rlRun "export SSL_DIR=$TmpDir"
+ command="curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\""
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Trying to perform List CAs using $user3's cert should fail"
+
+ #Add user $user3 to Certificate Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-usertest3-020_3.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest3-020_3.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest3-020_3.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find $user3 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_4.out" \
+ 0 \
+ "Check user-membership to group \"$groupid1\""
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_4.out"
+
+ #Trying to perform List CAs using $user3's cert should succeed
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out"
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs"
+ rlAssertGrep "HTTP/1.1 200 OK" "$request_header_out"
+ rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-020: Should not be able to add user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -t ocsp user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-add-ocsp-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del userall > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del user1 > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u19 > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-u19-001.out"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del testuser$i > $TmpDir/pki-user-membership-add-ocsp-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${OCSP_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh
new file mode 100755
index 000000000..da99ed027
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh
@@ -0,0 +1,877 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-membership-del OCSP CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-ocsp.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-del-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Available groups ocsp-group-find
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-002: pki user-membership-del --help configuration test"
+ rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-del --help"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-003: pki user-membership-del configuration test"
+ rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-004: Delete user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-ocsp-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-005: Delete user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out" \
+ 0 \
+ "Check user membership with group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-ocsp-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-006: Missing required option <Group id> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out 2>&1" \
+ 255 \
+ "Cannot delete user from group, Missing required option <Group id>"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-007: Missing required option <User ID> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add user2 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out 2>&1" \
+ 255 \
+ "cannot delete user from group, Missing required option <user id>"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-008: Should not be able to user-membership-del using a revoked cert OCSP_adminR"
+ command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-009: Should not be able to user-membership-del using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-010: Should not be able to user-membership-del using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert OCSP_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-011: Should not be able to user-membership-del using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-012: Should not be able to user-membership-del using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using OCSP_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-013: Should not be able to user-membership-del using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using OCSP_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-014: Should not be able to user-membership-del using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using OCSP_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-015: Should not be able to user-membership-del using OCSP_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-016: Delete user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-017_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-ocsp-017_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-ocsp-017_2.out"
+ rlLog "Delete user-membership from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-ocsp-017_3.out" \
+ 0 \
+ "Delete user-membership from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-ocsp-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-017_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-017: Delete user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-user-add-ocsp-018.out 2>&1" \
+ 0 \
+ "Adding user full name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-ocsp-018.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-ocsp-018.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u11 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-018_2.out" \
+ 0 \
+ "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-ocsp-018_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-ocsp-018_2.out"
+ rlLog "Delete user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_3.out" \
+ 0 \
+ "Delete user-membership from the group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u11 > $TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-018: Delete user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-ocsp-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-ocsp-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-ocsp-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-ocsp-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user123 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-user-membership-del-user-del-ocsp-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-membership-del-user-del-ocsp-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-membership-del-user-del-ocsp-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-user-membership-del-user-del-ocsp-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u12 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u12 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-member-find Administrators > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u12 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-member-find $groupid4 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_7.out" \
+ 0 \
+ "List members of $groupid4 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-ocsp-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test_user u9" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ocsp-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-ocsp-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-ocsp-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ocsp-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-ocsp-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-ocsp-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-021: User deleted from the Data Recovery Manager Agents group can not list CAs"
+ local user3="testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-22.out" \
+ 0 \
+ "Adding user $user3 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-22.out"
+
+ #Trying to perform List CAs using $user3's cert should succeed
+ rlRun "export SSL_DIR=$TmpDir"
+ local request_header_out="$TmpDir/request_header_out"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out"
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs"
+ rlAssertGrep "HTTP/1.1 200 OK" "$request_header_out"
+ rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out"
+
+ #Delete $user3 from Online Certificate Status Manager Agents group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-del $user3 \"$groupid1\" > $TmpDir/pki-user-membership-del-groupdel-del-ocsp-022_3.out" \
+ 0 \
+ "User deleted from group \"$groupid1\""
+ rlAssertGrep "Deleted membership in group \"$groupid1\"" "$TmpDir/pki-user-membership-del-groupdel-del-ocsp-022_3.out"
+
+
+ #Trying to perform List CAs using $user3's cert should fail
+ local request_header_out="$TmpDir/request_header_out"
+ rlRun "export SSL_DIR=$TmpDir"
+ command="curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\""
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Trying to perform List CAs using $user3's cert should fail"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-del-ocsp-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 12 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del userall > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del user1 > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del user2 > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del user123 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del testuser1 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-testuser1.out"
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh
new file mode 100755
index 000000000..f2251e82e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh
@@ -0,0 +1,765 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-find Find OCSP user memberships.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-find-ocsp.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-find-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Local variables
+ #Available groups ocsp-group-find
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-002: pki user-membership-find --help configuration test"
+ rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-find --help"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-003: pki user-membership-find configuration test"
+ rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-004: Find user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u$i > $TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-ocsp-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out" \
+ 0 \
+ "Find user-membership with group \"$gid\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-005: Find user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show userall > $TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-ocsp-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out" \
+ 0 \
+ "Find user-membership to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-006: Find user-membership of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out"
+ rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out"
+ rlAssertGrep "Group: $groupid7" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out"
+ rlAssertGrep "Group: $groupid8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out"
+ rlAssertGrep "Number of entries returned 3" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-007: Find all user-memberships of a user (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out" \
+ 0 \
+ "Checking user-mambership to group "
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-008: Find user-memberships when page start is negative (start=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-009: Find user-memberships when page start greater than available number of groups (start=9)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=9 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-004.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-010: Should not be able to find user-membership when page start is non integer"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-find userall --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-011: Find user-memberships when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-006.out" 0 \
+ "user_membership-find with size parameter as 0"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-012: Find user-memberships when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out" 0 \
+ "user_membership-find with size parameter as 1"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-013: Find user-memberships when page size is 2 (size=2)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out" 0 \
+ "user_membership-find with size parameter as 2"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out"
+ rlAssertGrep "Group: $groupid2" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out"
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-014: Find user-memberships when page size is 9 (size=9)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=9 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out" 0 \
+ "user_membership-find with size parameter as 9"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-015: Find user-memberships when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out" 0 \
+ "user_membership-find with size parameter as 100"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-016: Find user-memberships when page size is negative (size=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0011.out" 0 \
+ "user_membership-find with size parameter as -1"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0011.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-017: Should not be able to find user-membership when page size is non integer"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-018: Find user-membership with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=6 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=6 --size=5 > $TmpDir/pki-user-membership-find-ocsp-019.out" \
+ 0 \
+ "Find user-membership with page start and page size option"
+ rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-ocsp-019.out"
+ i=7
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-ocsp-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-ocsp-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-019: Find user-membership with --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-ocsp-020.out 2>&1" \
+ 255 \
+ "Find user-membership with --size more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-ocsp-020.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-020: Find user-membership with --start more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-ocsp-021.out 2>&1" \
+ 255 \
+ "Find user-membership with --start more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-ocsp-021.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-021: Should not be able to user-membership-find using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-022: Should not be able to user-membership-find using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-023: Should not be able to user-membership-find using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent OCSP_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-024: Should not be able to user-membership-find using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin OCSP_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-025: Should not be able to user-membership-find using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent OCSP_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-026: Should not be able to user-membership-find using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor OCSP_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-027: Should not be able to user-membership-find using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator OCSP_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-028: Should not be able to user-membership-find using OCSP_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD -t ocsp user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-029:Find user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='Éric Têko' u9" \
+ 0 \
+ "Adding uid ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-ocsp-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u9 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-031_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-030: Find user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-user-add-ocsp-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-ocsp-032.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-ocsp-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-ocsp-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-032_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-031: Find user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-ocsp-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-ocsp-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-ocsp-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-ocsp-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-user-membership-find-user-find-ocsp-033_2.out" 0 "Find user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-ocsp-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-find-ocsp-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del userall > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del user123 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out"
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh
new file mode 100755
index 000000000..5de4950cd
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh
@@ -0,0 +1,1154 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-mod Modify existing users in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath <rpattath@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-mod-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-user-cli-user-mod-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ OCSP_HOST=$(eval echo \$${MYROLE})
+ OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ user1=ocsp_user
+ user1fullname="Test ocsp user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ user1_mod_fullname="Test ocsp user modified"
+ user1_mod_email="testocspuser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-002: Modify a user's fullname in OCSP using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-ocsp-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, password ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-003: Modify a user's email,phone,state,password in OCSP using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-ocsp-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-ocsp-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-ocsp-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-ocsp-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-ocsp-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-ocsp-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-ocsp-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-ocsp-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-005:--email with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=\"$randsym\" u2 > $TmpDir/pki-ocsp-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-ocsp-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-ocsp-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-ocsp-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=# u3 > $TmpDir/pki-ocsp-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-ocsp-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-ocsp-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-ocsp-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=* u4 > $TmpDir/pki-ocsp-user-mod-007.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character"
+ rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-ocsp-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-ocsp-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-ocsp-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=$ u5 > $TmpDir/pki-ocsp-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-ocsp-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-ocsp-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-ocsp-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=0 u6 > $TmpDir/pki-ocsp-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-ocsp-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-ocsp-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-ocsp-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-ocsp-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-ocsp-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-ocsp-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=\"$randsym\" u8 > $TmpDir/pki-ocsp-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-ocsp-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-ocsp-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-ocsp-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=# u9 > $TmpDir/pki-ocsp-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-ocsp-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-ocsp-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=* u10 > $TmpDir/pki-ocsp-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-ocsp-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-ocsp-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=$ u11 > $TmpDir/pki-ocsp-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-ocsp-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-ocsp-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --state=0 u12 > $TmpDir/pki-ocsp-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-ocsp-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-ocsp-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-ocsp-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-ocsp-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-017:--phone with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 90000 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ special_symbols="#$@*"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone='$randsym$special_symbols' usr1"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and numbers only ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-018:--phone with maximum length and numbers only "
+ randhex=$(openssl rand -hex 1024)
+ randhex_covup=${randhex^^}
+ randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --phone=\"$randsym\" usr1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-ocsp-user-mod-018.out"\
+ 0 \
+ "Modify user with maximum length and numbers only"
+ rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-ocsp-user-mod-018.out"
+ rlAssertGrep "User ID: usr1" "$TmpDir/pki-ocsp-user-mod-018.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-018.out"
+ rlAssertGrep "Phone: $randsym" "$TmpDir/pki-ocsp-user-mod-018.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-019:--phone with \# character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test usr2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone=\"#\" usr2"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-020:--phone with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test usr3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone=\"*\" usr3"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-021:--phone with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test usr4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone $ usr4"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with negative number ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-022:--phone as negative number -1230 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u14"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --phone=-1230 u14 > $TmpDir/pki-ocsp-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-ocsp-user-mod-022.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-ocsp-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-ocsp-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-023: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id"
+ rlPhaseEnd
+
+ #### Modify a user - all options provided ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-ocsp-024: Modify a user -- all options provided"
+ email="ocsp_user2@myemail.com"
+ user_password="ocspuser2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test u15"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15 > $TmpDir/pki-ocsp-user-mod-025.out" \
+ 0 \
+ "Modify user u15 to OCSP -- all options provided"
+ rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-ocsp-user-mod-025.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-ocsp-user-mod-025.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-025.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-mod-025.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-025.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-025.out"
+ rlPhaseEnd
+
+ #### Modify a user - password less than 8 characters ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-025: Modify user with --password "
+ userpw="pass"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod $user1 --fullName='$user1fullname' --password=$userpw"
+ errmsg="PKIException: The password must be at least 8 characters"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password"
+ rlPhaseEnd
+
+##### Tests to modify users using revoked cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-026: Should not be able to modify user using a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1_mod_fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+##### Tests to modify users using an agent user#####
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-028: Should not be able to modify user using a valid agent user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-029: Should not be able to modify user using an agent user with a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using expired cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-030: Should not be able to modify user using an admin user with expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-031: Should not be able to modify user using an agent user with an expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using audit users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-032: Should not be able to modify user using an auditor user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-033: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as OCSP_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted OCSP users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-034: Should not be able to modify user using a cert created from a untrusted OCSP role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-035: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' u18"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-036: Modify a user in OCSP using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-037: Modify a user in OCSP using OCSP admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show u16 > $TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=\"\" u16 > $TmpDir/pki-ocsp-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-ocsp-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-038: Modify a user in OCSP using OCSP_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show u16 > $TmpDir/pki-ocsp-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-039: Modify a user in OCSP using an admin user in OCSP - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show u16 > $TmpDir/pki-ocsp-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify OCSP users with the same value ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-040: Modify a user in OCSP using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show $user1 > $TmpDir/pki-ocsp-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-ocsp-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-ocsp-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify CA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_ocsp-041: Modify a user in OCSP using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show u16 > $TmpDir/pki-ocsp-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-042_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-ocsp-user-mod-042_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --email=\"$email\" u16 > $TmpDir/pki-ocsp-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-ocsp-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify OCSP users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-042: Modify a user's fullname having i18n chars in OCSP using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-ocsp-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-ocsp-user-mod-043.out"
+ rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-ocsp-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-ocsp-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify OCSP users having i18n chars in email ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_ocsp-043: Modify a user's email having i18n chars in OCSP using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_user_cli_user_ocsp_cleanup: Deleting role users"
+
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del usr$i > $TmpDir/pki-usr-del-ocsp-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-ocsp-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del $i18nuser > $TmpDir/pki-user-del-ocsp-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-ocsp-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+ else
+ rlLog "OCSP instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh
deleted file mode 100755
index bf10afd7f..000000000
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh
+++ /dev/null
@@ -1,335 +0,0 @@
-#!/bin/bash
-#!/usr/bin/expect -f
-
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Author: Asha Akkiangady <aakkiang@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-# This copyrighted material is made available to anyone wishing
-# to use, modify, copy, or redistribute it subject to the terms
-# and conditions of the GNU General Public License version 2.
-#
-# This program is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-# PURPOSE. See the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public
-# License along with this program; if not, write to the Free
-# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-. /opt/rhqa_pki/rhcs-shared.sh
-. /opt/rhqa_pki/pki-cert-cli-lib.sh
-. /opt/rhqa_pki/env.sh
-
-########################################################################
-# Test Suite Globals
-########################################################################
-OCSP_adminV_user=OCSP_adminV
-OCSP_adminV_fullName=OCSP_Admin_ValidCert
-OCSP_adminR_user=OCSP_adminR
-OCSP_adminR_fullName=OCSP_Admin_RevokedCert
-OCSP_adminE_user=OCSP_adminE
-OCSP_adminE_fullName=OCSP_admin_ExpiredCert
-OCSP_adminUTOCSP_user=OCSP_adminUTCA
-OCSP_adminUTOCSP_fullName=OCSP_Admin_CertIssuedByUntrustedCA
-
-OCSP_agentV_user=OCSP_agentV
-OCSP_agentV_fullName=OCSP_Agent_ValidCert
-OCSP_agentR_user=OCSP_agentR
-OCSP_agentR_fullName=OCSP_Agent_RevokedCert
-OCSP_agentE_user=OCSP_agentE
-OCSP_agentE_fullName=OCSP_agent_ExpiredCert
-OCSP_agentUTOCSP_user=OCSP_agentUTCA
-OCSP_agentUTOCSP_fullName=OCSP_Agent_CertIssuedByUntrustedCA
-
-OCSP_auditV_user=OCSP_auditV
-OCSP_auditV_fullName=OCSP_Audit_ValidCert
-OCSP_operatorV_user=OCSP_operatorV
-OCSP_operatorV_fullName=OCSP_Operator_ValidCert
-
-export OCSP_adminV_user OCSP_adminR_user OCSP_adminE_user OCSP_adminUTOCSP_user OCSP_agentV_user OCSP_agentR_user OCSP_agentE_user OCSP_agentUTOCSP_user OCSP_auditV_user OCSP_operatorV_user
-######################################################################
-
-run_pki-user-cli-user-ocsp_tests(){
- rlPhaseStartSetup "pki_user_cli_user_add-ocsp-startup:Getting nss certificate db "
- rlLog "Certificate directory = $CERTDB_DIR"
- rlPhaseEnd
- rlPhaseStartSetup "pki_user_cli_user_ocsp-startup: Importing ocsp agent cert into certificate db and trust OCSP root cert"
- rlRun "install_and_trust_OCSP_cert $OCSP_SERVER_ROOT $CERTDB_DIR"
- rlRun "install_and_trust_OCSP_cert $OCSP_SERVER_ROOT $CERTDB_DIR"
- rlPhaseEnd
- rlPhaseStartSetup "Creating user, create user and add it to the user, add user to the group"
- user=($OCSP_adminV_user $OCSP_adminV_fullName $OCSP_adminR_user $OCSP_adminR_fullName $OCSP_adminE_user $OCSP_adminE_fullName $OCSP_adminUTOCSP_user $OCSP_adminUTOCSP_fullName $OCSP_agentV_user $OCSP_agentV_fullName $OCSP_agentR_user $OCSP_agentR_fullName $OCSP_agentE_user $OCSP_agentE_fullName $OCSP_agentUTOCSP_user $OCSP_agentUTOCSP_fullName $OCSP_auditV_user $OCSP_auditV_fullName $OCSP_operatorV_user $OCSP_operatorV_fullName)
- i=0
- while [ $i -lt ${#user[@]} ] ; do
- userid=${user[$i]}
- userfullName=${user[$i+1]}
-
- #Create $userid user
- rlLog "Executing: pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add --fullName=\"$userfullName\" $userid"
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add --fullName=\"$userfullName\" $userid" \
- 0 \
- "Add user $userid to OCSP"
-
- #=====Adding user to respective group. Administrator, Date Recovery Manager Agent, Auditor=====#
- if [ $userid == $OCSP_adminV_user -o $userid == $OCSP_adminR_user -o $userid == $OCSP_adminE_user -o $userid == $OCSP_adminUTOCSP_user ]; then
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- group-add-member Administrators $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \
- 0 \
- "Add user $userid to Administrators group"
- rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out"
- rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out"
- elif [ $userid == $OCSP_agentV_user -o $userid == $OCSP_agentR_user -o $userid == $OCSP_agentE_user -o $userid == $OCSP_agentUTOCSP_user ]; then
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- group-add-member \"Data Recovery Manager Agents\" $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \
- 0 \
- "Add user $userid to Data Recovery Manager Agents group"
- rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out"
- rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out"
-
- elif [ $userid == $OCSP_auditV_user ]; then
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- group-add-member Auditors $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \
- 0 \
- "Add user $userid to Auditors group"
- rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out"
- rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out"
-
- elif [ $userid == $OCSP_operatorV_user ]; then
- rlRun "pki -d $CERTDB_DIR \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- group-add-member \"Trusted Managers\" $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \
- 0 \
- "Add user $userid to Trusted Managers group"
- rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out"
- rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out"
- fi
- #================#
-
- if [ $userid == $OCSP_adminV_user -o $userid == $OCSP_adminR_user -o $userid == $OCSP_adminE_user -o $userid == $OCSP_agentV_user -o $userid == $OCSP_agentR_user -o $userid == $OCSP_agentE_user -o $userid == $OCSP_auditV_user -o $userid == $OCSP_operatorV_user ]; then
-
- #Create a cert and add it to the $userid user
- rlLog "Admin Certificate is located at: $OCSP_ADMIN_CERT_LOCATION"
- local sample_request_file1="/opt/rhqa_pki/cert_request_caUserCert1_1.in"
- local sample_request_file2="/opt/rhqa_pki/cert_request_caUserCert1_2.in"
- local temp_file="$CERTDB_DIR/certrequest_ocsp_001$i.in"
- #rlRun "create_certdb \"$CERTDB_DIR\" Password" 0 "Create a certificate db"
- rlRun "generate_PKCS10 \"$CERTDB_DIR\" Password rsa 2048 \"$CERTDB_DIR/request_ocsp_001$i.out\" \"CN=adminV\" " 0 "generate PKCS10 certificate"
-
- rlLog "Create a certificate request XML file.."
- local search_string1="<InputAttr name=\"cert_request_type\">crmf<\/InputAttr>"
- local replace_string1="\<InputAttr name=\"cert_request_type\"\>pkcs10\<\/InputAttr\>"
- rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_ocsp_001$i.out"
- rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_ocsp_001$i.out"
- #local cert_request=`cat /tmp/request_001$i.out`
- rlRun "cat $sample_request_file1 $CERTDB_DIR/request_ocsp_001$i.out $sample_request_file2 > $temp_file"
- rlLog "Executing: sed -e 's/$search_string1/$replace_string1/' -i $temp_file"
- rlRun "sed -e 's/$search_string1/$replace_string1/' -i $temp_file"
- local search_string2="testuser"
- local replace_string2=$userid
- rlLog "Executing: sed -e 's/$search_string2/$replace_string2/g' -i $temp_file"
- rlRun "sed -e 's/$search_string2/$replace_string2/g' -i $temp_file"
- local search_string3="Test User"
- local replace_string3=$userfullName
- rlLog "Executing: sed -e 's/$search_string3/$replace_string3/g' -i $temp_file"
- rlRun "sed -e 's/$search_string3/$replace_string3/g' -i $temp_file"
-
- if [ $userid == $OCSP_adminV_user -o $userid == $OCSP_adminR_user -o $userid == $OCSP_agentV_user -o $userid == $OCSP_agentR_user -o $userid == $OCSP_auditV_user -o $userid == $OCSP_operatorV_user ]; then
- #cert-request-submit=====
- rlLog "Executing: pki cert-request-submit $temp_file"
- rlRun "pki cert-request-submit $temp_file > $CERTDB_DIR/certrequest_ocsp_$i.out" 0 "Executing pki cert-request-submit"
- rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- local request_id=`cat $CERTDB_DIR/certrequest_ocsp_$i.out | grep "Request ID:" | awk '{print $3}'`
- rlLog "Request ID=$request_id"
- rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id"
- rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- #Agent Approve the certificate after reviewing the cert for the user
- rlLog "Executing: pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- cert-request-review --action=approve $request_id"
-
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- cert-request-review --action=approve $request_id > $CERTDB_DIR/certapprove_ocsp_001$i.out" \
- 0 \
- "OCSP agent approve the cert"
- rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_ocsp_001$i.out"
- rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id"
- rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out | grep "Certificate ID:" | awk '{print $3}'`
- rlLog "Cerificate Serial Number=$certificate_serial_number"
-
- #Verify the certificate is valid
- rlRun "pki cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_ocsp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number"
- rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_ocsp_001$i.out"
- rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_ocsp_001$i.out"
-
- rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_ocsp_001$i.out > $CERTDB_DIR/validcert_ocsp_001$i.pem"
- rlRun "certutil -d $CERTDB_DIR -A -n $userid -i $CERTDB_DIR/validcert_ocsp_001$i.pem -t "u,u,u""
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add-cert $userid --input $CERTDB_DIR/validcert_ocsp_001$i.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \
- 0 \
- "Cert is added to the user $userid"
-
- elif [ $userid == $OCSP_adminE_user -o $userid == $OCSP_agentE_user ]; then
- #=======Expired cert waiting on response to --output ticket https://fedorahosted.org/pki/ticket/674 =======#
- local profile_file="/var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg"
- default_days="policyset.userCertSet.2.default.params.range=180"
- change_days="policyset.userCertSet.2.default.params.range=1"
- rlLog "Executing: sed -e 's/$default_days/$change_days/g' -i $profile_file"
- rlRun "sed -e 's/$default_days/$change_days/g' -i $profile_file"
- rlLog "Restart the subsytem"
- rlRun "systemctl restart pki-tomcatd\@pki-tomcat.service"
- #cert-request-submit=====
- rlLog "Executing: pki cert-request-submit $temp_file"
- rlRun "pki cert-request-submit $temp_file > $CERTDB_DIR/certrequest_ocsp_$i.out" 0 "Executing pki cert-request-submit"
- rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest_ocsp_$i.out"
- local request_id=`cat $CERTDB_DIR/certrequest_ocsp_$i.out | grep "Request ID:" | awk '{print $3}'`
- rlLog "Request ID=$request_id"
- rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id"
- rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out"
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- cert-request-review --action=approve $request_id > $CERTDB_DIR/certapprove_ocsp_001$i.out" \
- 0 \
- "KRA agent approve the cert"
- rlLog "cat $CERTDB_DIR/certapprove_ocsp_001$i.out"
- rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_ocsp_001$i.out"
- rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id"
- rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out"
- local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out | grep "Certificate ID:" | awk '{print $3}'`
- rlLog "Cerificate Serial Number=$certificate_serial_number"
- #Verify the certificate is expired
- rlRun "pki cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_ocsp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number"
- rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_ocsp_001$i.out"
- rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_ocsp_001$i.out"
- rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_ocsp_001$i.out > $CERTDB_DIR/validcert_ocsp_001$i.pem"
- rlRun "certutil -d $CERTDB_DIR -A -n $userid -i $CERTDB_DIR/validcert_ocsp_001$i.pem -t "u,u,u""
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add-cert $userid --input $CERTDB_DIR/validcert_ocsp_001$i.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \
- 0 \
- "Cert is added to the user $userid"
- rlLog "Modifying profile back to the defaults"
- rlRun "sed -e 's/$change_days/$default_days/g' -i $profile_file"
- rlLog "Restart the subsytem"
- rlRun "systemctl restart pki-tomcatd\@pki-tomcat.service"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date --set='next day'" 0 "Set System date a day ahead"
- rlRun "date"
- rlRun "pki cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_exp_ocsp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number"
- rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_exp_ocsp_001$i.out"
- rlAssertGrep "Status: EXPIRED" "$CERTDB_DIR/certificate_show_exp_ocsp_001$i.out"
- rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
- fi
- fi
- #Add the certificate to $CERTDB_DIR
- #note: certificate b664 at $CERTDB_DIR/certificate_show_ocsp_001$i.out
- if [ $userid == $OCSP_adminUTOCSP_user ]; then
- rlRun "certutil -d /tmp/untrusted_cert_db -A -n $userid -i /opt/rhqa_pki/dummycert1.pem -t ",,""
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add-cert $userid --input /opt/rhqa_pki/dummycert1.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \
- 0 \
- "Cert is added to the user $userid"
- elif [ $userid == $OCSP_agentUTOCSP_user ]; then
- rlRun "certutil -d /tmp/untrusted_cert_db -A -n $userid -i /opt/rhqa_pki/dummycert1.pem -t ",,""
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- user-add-cert $userid --input /opt/rhqa_pki/dummycert1.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \
- 0 \
- "Cert is added to the user $userid"
- #Revoke certificate of user OCSP_adminR and OCSP_agentR
- elif [ $userid == $OCSP_adminR_user -o $userid == $OCSP_agentR_user ] ;then
- rlLog "$userid"
- rlLog "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- cert-revoke $certificate_serial_number --force --reason = Unspecified > $CERTDB_DIR/revokecert_ocsp_001$i.out"
- rlRun "pki -d $CERTDB_DIR/ \
- -n \"$admin_cert_nickname\" \
- -c $CERTDB_DIR_PASSWORD \
- -t ocsp \
- cert-revoke $certificate_serial_number --force --reason=Unspecified > $CERTDB_DIR/revokecert_ocsp_001$i.out" \
- 0 \
- "Certificate of user $userid is revoked"
- rlAssertGrep "Serial Number: $certificate_serial_number" "$CERTDB_DIR/revokecert_ocsp_001$i.out"
- rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/revokecert_ocsp_001$i.out"
- rlAssertGrep "Status: REVOKED" "$CERTDB_DIR/revokecert_ocsp_001$i.out"
- fi
- let i=$i+2
- done
- rlPhaseEnd
-}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
index e8924d2bc..560e9c96b 100755
--- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
@@ -3,17 +3,17 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
-# Description: PKI user-add CLI tests
+# Description: PKI user-show CLI tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki cli commands needs to be tested:
-# pki-user-cli-user-add Add users to pki subsystems.
+# pki-user-cli-user-show Show OCSP users
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Author: Asha Akkiangady <aakkiang@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
@@ -39,374 +39,865 @@
. /opt/rhqa_pki/env.sh
######################################################################################
-#pki-user-cli-user-ocsp.sh should be first executed prior to pki-user-cli-user-add-ocsp.sh
-#pki-user-cli-user-add-ocsp.sh should be first executed prior to pki-user-cli-user-add-ocsp.sh
+#create_role_users.sh should be first executed prior to pki-user-cli-user-show-ocsp.sh
######################################################################################
########################################################################
-# Test Suite Globals
-########################################################################
+run_pki-user-cli-user-show-ocsp_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
-########################################################################
+ # Creating Temporary Directory for pki user-ocsp
+ rlPhaseStartSetup "pki user-ocsp Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=ocsp_agent2
+ user1fullname="Test ocsp_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test"
+ rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki user-show"
+ rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out"
+ rlPhaseEnd
-run_pki-user-cli-user-show-ocsp_tests(){
##### Tests to show OCSP users ####
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001: Add a user to OCSP using OCSP_adminV"
- rlLog "Executing: pki -d $TmpDir/nssdb \
- -n OCSP_adminV \
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-001: Add user to OCSP using OCSP_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user1"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user1 > $TmpDir/pki-user-show-ocsp-001.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user $user1"
rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-ocsp-001.out"
rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-ocsp-001.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_1:maximum length of user id "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user2 > $TmpDir/pki-user-show-ocsp-001_1.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show $user2 user"
rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-ocsp-001_1.out"
- rlAssertGrep "User ID: $user2" "$TmpDir/pki-user-show-ocsp-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-user-show-ocsp-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_1.out"
+
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_2:User id with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user3 > $TmpDir/pki-user-show-ocsp-001_2.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show $user3 user"
rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-ocsp-001_2.out"
rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-ocsp-001_2.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_2.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_3:User id with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user4 > $TmpDir/pki-user-show-ocsp-001_3.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show $user4 user"
rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-ocsp-001_3.out"
rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-ocsp-001_3.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_3.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_4:User id with @ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user5 > $TmpDir/pki-user-show-ocsp-001_4.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show $user5 user"
rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-ocsp-001_4.out"
rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-ocsp-001_4.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_4.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_5:User id with ? character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user6 > $TmpDir/pki-user-show-ocsp-001_5.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show $user6 user"
rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-ocsp-001_5.out"
rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-ocsp-001_5.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_5.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_6:User id as 0"
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show $user7 > $TmpDir/pki-user-show-ocsp-001_6.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user $user7"
rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-ocsp-001_6.out"
rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-ocsp-001_6.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_6.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_7:--email with maximum length "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u1 > $TmpDir/pki-user-show-ocsp-001_7.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u1"
rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-ocsp-001_7.out"
rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-ocsp-001_7.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_7.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ocsp-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-ocsp-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_8:--email with maximum length and symbols "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u2 > $TmpDir/pki-user-show-ocsp-001_8.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u2"
rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-ocsp-001_8.out"
rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-ocsp-001_8.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_8.out"
- rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-ocsp-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-ocsp-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_9:--email with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u3 > $TmpDir/pki-user-show-ocsp-001_9.out" \
- 0 \
- "Show pki OCSP_adminV user"
+ 0 \
+ "Add user u3"
rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-ocsp-001_9.out"
rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-ocsp-001_9.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_9.out"
rlAssertGrep "Email: #" "$TmpDir/pki-user-show-ocsp-001_9.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_10:--email with * character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u4 > $TmpDir/pki-user-show-ocsp-001_10.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u4 using ${prefix}_adminV"
rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-ocsp-001_10.out"
rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-ocsp-001_10.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_10.out"
rlAssertGrep "Email: *" "$TmpDir/pki-user-show-ocsp-001_10.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_11:--email with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u5 > $TmpDir/pki-user-show-ocsp-001_11.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u5 using ${prefix}_adminV"
rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-ocsp-001_11.out"
rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-ocsp-001_11.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_11.out"
rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-ocsp-001_11.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_12:--email as number 0 "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u6 > $TmpDir/pki-user-show-ocsp-001_12.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u6 using ${prefix}_adminV"
rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-ocsp-001_12.out"
rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-ocsp-001_12.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_12.out"
rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-ocsp-001_12.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_13:--state with maximum length "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u7 > $TmpDir/pki-user-show-ocsp-001_13.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u7 using ${prefix}_adminV"
rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-ocsp-001_13.out"
rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-ocsp-001_13.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_13.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ocsp-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-ocsp-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-ocsp-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-ocsp-001_13.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_14:--state with maximum length and symbols "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u8 > $TmpDir/pki-user-show-ocsp-001_14.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u8 using ${prefix}_adminV"
rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-ocsp-001_14.out"
rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-ocsp-001_14.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_14.out"
- rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-ocsp-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-ocsp-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-ocsp-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-ocsp-001_14.out"
+ fi
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_15:--state with # character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u9 > $TmpDir/pki-user-show-ocsp-001_15.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u9 using ${prefix}_adminV"
rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-ocsp-001_15.out"
rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-ocsp-001_15.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_15.out"
rlAssertGrep "State: #" "$TmpDir/pki-user-show-ocsp-001_15.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_16:--state with * character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u10 > $TmpDir/pki-user-show-ocsp-001_16.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u10 using ${prefix}_adminV"
rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-ocsp-001_16.out"
rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-ocsp-001_16.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_16.out"
rlAssertGrep "State: *" "$TmpDir/pki-user-show-ocsp-001_16.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_17:--state with $ character "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u11 > $TmpDir/pki-user-show-ocsp-001_17.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u11 using ${prefix}_adminV"
rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-ocsp-001_17.out"
rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-ocsp-001_17.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_17.out"
rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-ocsp-001_17.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_18:--state as number 0 "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u12 > $TmpDir/pki-user-show-ocsp-001_18.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show pki ${prefix}_adminV user"
rlAssertGrep "User \"u12\"" "$TmpDir/pki-user-show-ocsp-001_18.out"
rlAssertGrep "User ID: u12" "$TmpDir/pki-user-show-ocsp-001_18.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_18.out"
rlAssertGrep "State: 0" "$TmpDir/pki-user-show-ocsp-001_18.out"
rlPhaseEnd
+
#https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_19:--phone with maximum length "
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u13 > $TmpDir/pki-user-show-ocsp-001_19.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u13 using ${prefix}_adminV"
rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-ocsp-001_19.out"
rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-ocsp-001_19.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_19.out"
- rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ocsp-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-ocsp-001_19.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_24:--phone as negative number -1230 "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-show u14 > $TmpDir/pki-user-show-ocsp-001_24.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u14 using ${prefix}_adminV"
rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-ocsp-001_24.out"
rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-ocsp-001_24.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_24.out"
rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-ocsp-001_24.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_25:--type as Auditors"
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u15 > $TmpDir/pki-user-show-ocsp-001_25.out" \
0 \
- "Show pki OCSP_adminV user"
+ "Show user u15 using ${prefix}_adminV"
rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-ocsp-001_25.out"
rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-ocsp-001_25.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_25.out"
rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-ocsp-001_25.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_26:--type Certificate Manager Agents "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u16 > $TmpDir/pki-user-show-ocsp-001_26.out" \
0 \
- "Show pki OCSP user"
+ "Show user u16 using ${prefix}_adminV"
rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-ocsp-001_26.out"
rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-ocsp-001_26.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_26.out"
rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-ocsp-001_26.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_27:--type Registration Manager Agents "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u17 > $TmpDir/pki-user-show-ocsp-001_27.out" \
0 \
- "Show pki OCSP user"
+ "Show user u17 using ${prefix}_adminV"
rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-ocsp-001_27.out"
rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-ocsp-001_27.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_27.out"
rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-ocsp-001_27.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_28:--type Subsytem Group "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
user-show u18 > $TmpDir/pki-user-show-ocsp-001_28.out" \
0 \
- "Show pki OCSP user"
+ "Show user u18 using ${prefix}_adminV"
rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-ocsp-001_28.out"
rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-ocsp-001_28.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_28.out"
- rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-show-ocsp-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-ocsp-001_28.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_29:--type Security Domain Administrators "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u19 > $TmpDir/pki-user-show-ocsp-001_29.out" \
0 \
- "Show pki OCSP user"
+ "Show user u19 using ${prefix}_adminV"
rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-ocsp-001_29.out"
rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-ocsp-001_29.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_29.out"
rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-ocsp-001_29.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_30:--type ClonedSubsystems "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u20 > $TmpDir/pki-user-show-ocsp-001_30.out" \
0 \
- "Show pki OCSP user"
+ "Show user u20 using ${prefix}_adminV"
rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-ocsp-001_30.out"
rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-ocsp-001_30.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_30.out"
rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-ocsp-001_30.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_31:--type Trusted Managers "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u21 > $TmpDir/pki-user-show-ocsp-001_31.out" \
0 \
- "Show pki OCSP user"
+ "Show user u21 using ${prefix}_adminV"
rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-ocsp-001_31.out"
rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-ocsp-001_31.out"
rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_31.out"
rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-ocsp-001_31.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_32: Add a user to OCSP with -t option"
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-029: Show user with -t ocsp option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- -t ocsp \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u22 > $TmpDir/pki-user-show-ocsp-001_32.out" \
0 \
- "Show pki OCSP user"
+ "Show user u22 using ${prefix}_adminV"
rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-ocsp-001_32.out"
rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-ocsp-001_32.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001_32.out"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_33: Add a user -- all options provided"
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-030: Add a user -- all options provided"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23" \
+ 0 \
+ "Adding user u23 using ${prefix}_adminV"
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
- -t ocsp \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
user-show u23 > $TmpDir/pki-user-show-ocsp-001_33.out" \
0 \
- "Show pki OCSP user"
-
+ "Show user u23 using ${prefix}_adminV"
rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ocsp-001_33.out"
rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-001_33.out"
rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001_33.out"
@@ -415,25 +906,292 @@ run_pki-user-cli-user-show-ocsp_tests(){
rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-ocsp-001_33.out"
rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ocsp-001_33.out"
rlPhaseEnd
+
#Negative Cases
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_34: Missing required option user id "
- rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-031: Missing required option user id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show"
+ rlLog "Executing $command"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-032: Checking if user id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- user-show > $TmpDir/pki-user-show-ocsp-001_34.out 2>&1" \
- 1 \
- "Cannot show user without user id"
- rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki-user-show-ocsp-001_34.out"
+ user-show U23 > $TmpDir/pki-user-show-ocsp-001_35.out 2>&1" \
+ 0 \
+ "User ID is not case sensitive"
+ rlAssertGrep "User \"U23\"" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-033: Should not be able to show user using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-034: Should not be able to show user using a agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
rlPhaseEnd
- rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_35: Checking if user id case sensitive "
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-035: Should not be able to show user using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-036: Should not be able to show user using a OCSP_agentR user"
+ rlLog "To test error message consistency for the request pki_user_cli_user_show-OCSP-034"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-037: Should not be able to show user using admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-038: Should not be able to show user using OCSP_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-039: Should not be able to show user using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-040: Should not be able to show user using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u23 > $TmpDir/pki-user-show-ocsp-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ocsp-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-ocsp-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u13"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ocsp-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-043: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show \"$user_length_exceed_max\""
rlRun "pki -d $CERTDB_DIR \
- -n OCSP_adminV \
+ -n ${prefix}_adminV \
-c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
-t ocsp \
- user-show U23 > $TmpDir/pki-user-show-ocsp-001_35.out 2>&1" \
- 1 \
- "Cannot show user since the user id is case sensitive"
- rlAssertGrep "UserNotFoundException: User U23 not found" "$TmpDir/pki-user-show-ocsp-001_35.out"
+ user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-ocsp-001_50.out 2>&1" \
+ 255 \
+ "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-ocsp-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-044: user name with i18n characters"
+ rlLog "user-add user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-user-show-ocsp-001_56.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u24 > $TmpDir/pki-user-show-ocsp-001_56_2.out" \
+ 0 \
+ "Show user name with 'ÖrjanÄke'"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-001_56_2.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-001_56_2.out"
+ rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-user-show-ocsp-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-OCSP-045: user name with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-user-show-ocsp-001_57.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-show u25 > $TmpDir/pki-user-show-ocsp-001_57_2.out" \
+ 0 \
+ "Show user name with 'ÉricTêko'"
+ rlAssertGrep "User \"u25\"" "$TmpDir/pki-user-show-ocsp-001_57_2.out"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-ocsp-001_57_2.out"
+ rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-ocsp-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user)
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 26 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t ocsp \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
+ else
+ rlLog "OCSP instance is not installed"
+ fi
}
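Review bot: In the pki_user_cli_user_show-OCSP-036 phase the command string ends `..._UNSECURE_PORT)-t ocsp user-show u23` with no space before `-t`, so the port value is fused with `-t` and `ocsp` is left as a stray word. The phase can then pass or fail on an argument or connection error rather than on the server's decision about the revoked agent certificate. It should read `-p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23`, as in OCSP-034. A related gap is in the OCSP-042 phase, where the `spawn` line written to `$expfile` omits `-t ocsp` although the logged command includes it, so the user-certificate rejection is apparently not checked against the OCSP subsystem; adding `-t ocsp` there would make the logged and executed commands agree. The enclosing function run_pki-user-cli-user-show-ocsp_tests begins outside the hunk, and verifyErrorMsg is defined elsewhere, so how strictly the expected message is matched should be confirmed when re-running both negative tests.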
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh
new file mode 100755
index 000000000..c925eebb8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh
@@ -0,0 +1,1544 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-add Add users to pki TKS subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-add-tks.sh
+########################################################################
+run_pki-user-cli-user-add-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_user_cli_user_add-tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test"
+ rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \
+ 0 \
+ "pki user --help"
+ rlAssertGrep "user-find Find users" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-show Show user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-add Add user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-mod Modify user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-del Remove user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test"
+ rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-add --help"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add TKS users using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-001: Add a user to TKS using TKS_adminV"
+ user1=tks_agent2
+ user1fullname="Test tks_agent"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -t tks -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-001.out" 0 "Add user $user1 to TKS_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-tks-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-tks-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-tks-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog "user2=$user2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-tks-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-user-add-tks-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-003:User id with # character"
+ user3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user3 > $TmpDir/pki-user-add-tks-001_2.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-user-add-tks-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-add-tks-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-004:User id with $ character"
+ user4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user4 > $TmpDir/pki-user-add-tks-001_3.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-user-add-tks-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-add-tks-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-005:User id with @ character"
+ user5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user5 > $TmpDir/pki-user-add-tks-001_4.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-tks-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-tks-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-006:User id with ? character"
+ user6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user6 > $TmpDir/pki-user-add-tks-001_5.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with ? character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-tks-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-tks-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-007:User id as 0"
+ user7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user7 > $TmpDir/pki-user-add-tks-001_6.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-tks-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-tks-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-user-add-tks-001_7.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-user-add-tks-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-user-add-tks-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-user-add-tks-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email='$email' u2 > $TmpDir/pki-user-add-tks-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-user-add-tks-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-user-add-tks-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-user-add-tks-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-010:--email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=# u3 > $TmpDir/pki-user-add-tks-001_9.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-user-add-tks-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-user-add-tks-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-user-add-tks-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-011:--email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=* u4 > $TmpDir/pki-user-add-tks-001_10.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-user-add-tks-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-user-add-tks-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-user-add-tks-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-012:--email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=$ u5 > $TmpDir/pki-user-add-tks-001_11.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-user-add-tks-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-user-add-tks-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-user-add-tks-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-013:--email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=0 u6 > $TmpDir/pki-user-add-tks-001_12.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-user-add-tks-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-user-add-tks-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-user-add-tks-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-user-add-tks-001_13.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-user-add-tks-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-user-add-tks-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-user-add-tks-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-tks-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-tks-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state='$state' u8 > $TmpDir/pki-user-add-tks-001_14.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-user-add-tks-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-user-add-tks-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-user-add-tks-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-tks-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-tks-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-016:--state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state=# u9 > $TmpDir/pki-user-add-tks-001_15.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tks-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tks-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-user-add-tks-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-017:--state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=* u10 > $TmpDir/pki-user-add-tks-001_16.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-tks-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-tks-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-user-add-tks-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-018:--state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=$ u11 > $TmpDir/pki-user-add-tks-001_17.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-tks-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-tks-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-user-add-tks-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-019:--state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=0 u12 > $TmpDir/pki-user-add-tks-001_18.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --state 0"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-add-tks-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-add-tks-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-user-add-tks-001_18.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-020:--phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-user-add-tks-001_19.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --phone length"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-user-add-tks-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-user-add-tks-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tks-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-021:--phone with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ phone=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-tks-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-022:--phone with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-tks-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-023:--phone with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-tks-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-024:--phone with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-tks-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-025:--phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-user-add-tks-001_24.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-user-add-tks-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-user-add-tks-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-add-tks-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-026:--type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-user-add-tks-001_25.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-tks-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-tks-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-add-tks-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-027:--type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-user-add-tks-001_26.out" \
+ 0 \
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-user-add-tks-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-user-add-tks-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-add-tks-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-028:--type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-user-add-tks-001_27.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-user-add-tks-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-user-add-tks-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-add-tks-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-029:--type Subsytem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-user-add-tks-001_28.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-user-add-tks-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-user-add-tks-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_28.out"
+ rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-add-tks-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-030:--type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-user-add-tks-001_29.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tks-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tks-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-add-tks-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-031:--type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-user-add-tks-001_30.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-tks-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-tks-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-add-tks-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-032:--type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-user-add-tks-001_31.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-user-add-tks-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-user-add-tks-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-add-tks-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-033:--type Dummy Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-user-add-tks-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-user-add-tks-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-user-add-tks-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-user-add-tks-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-034: Add a duplicate user to TKS"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-tks-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-tks-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-036: Add a user -- missing required option user id"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-tks-004.out" \
+ 255 \
+ "Add user -- missing required option user id"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-tks-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-037: Add a user -- missing required option --fullName"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add $user1 > $TmpDir/pki-user-add-tks-005.out 2>&1"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-038: Add a user -- all options provided"
+ email="tks_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23 > $TmpDir/pki-user-add-tks-006_1.out" \
+ 0 \
+ "Add user u23 to TKS -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-tks-006_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-039: Add user to multiple groups"
+ user=u24
+ userfullname="Multiple Group User"
+ email="multiplegroup@myemail.com"
+ user_password="admin2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$userfullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ $user > $TmpDir/pki-user-add-tks-006.out " \
+ 0 \
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-tks-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-tks-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-tks-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-tks-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tks-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-tks-006.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-add Administrators $user > $TmpDir/pki-user-add-tks-007_1.out" \
+ 0 \
+ "Add user $user to Administrators group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-tks-007_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tks-007_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-find Administrators > $TmpDir/pki-user-add-tks-007.out" \
+ 0 \
+ "Show pki group-member-find Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-add \"Token Key Service Manager Agents\" $user > $TmpDir/pki-user-add-tks-007_1_1.out" \
+ 0 \
+ "Add user $user to Token Key Service Manager Agents"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-tks-007_1_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tks-007_1_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-find \"Token Key Service Manager Agents\" > $TmpDir/pki-user-add-tks-007_2.out" \
+ 0 \
+ "Show pki group-member-find Token Key Service Manager Agents"
+
+ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tks-007_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-040: Add user with --password less than 8 characters"
+ userpw="pass"
+ expmsg="PKIException: The password must be at least 8 characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-tks-008.out 2>&1" \
+ 255 \
+ "Add a user --must be at least 8 characters --password"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-tks-008.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using revoked cert#####
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-041: Should not be able to add user using a revoked cert TKS_adminR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-042: Should not be able to add user using a agent with revoked cert TKS_agentR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using an agent user#####
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-043: Should not be able to add user using a valid agent TKS_agentV user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-agentV-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-044: Should not be able to add user using a TKS_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-agentUTCA-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using expired cert#####
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-045: Should not be able to add user using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tks-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-046: Should not be able to add user using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-tks-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tks-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add users using audit users#####
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-047: Should not be able to add user using a TKS_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-auditV-002.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-048: Should not be able to add user using a TKS_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-049: Should not be able to add user using a cert created from a untrusted TKS TKS_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-tks-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-tks-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tks-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-051: fullname with i18n characters"
+ rlLog "user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-user-add-tks-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-user-add-tks-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-add-tks-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-add-tks-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-052: fullname with i18n characters"
+ rlLog "user-add fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u27 > $TmpDir/pki-user-add-tks-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-user-add-tks-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-user-add-tks-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-add-tks-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-053: fullname with i18n characters"
+ rlLog "user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-user-add-tks-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-user-add-tks-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-tks-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-user-add-tks-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u28 > $TmpDir/pki-user-add-tks-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-user-add-tks-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-tks-001_53_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-054: fullname with i18n characters"
+ rlLog "user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-user-add-tks-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-user-add-tks-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-tks-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u29 > $TmpDir/pki-user-add-tks-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-user-add-tks-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-tks-001_54_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-055: fullname with i18n characters"
+ rlLog "user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-user-add-tks-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-user-add-tks-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-tks-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u30 > $TmpDir/pki-user-add-tks-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-user-add-tks-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-tks-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-056: user id with i18n characters"
+ rlLog "user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-057: userid with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-058: email address with i18n characters"
+ rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tks user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-059: email address with i18n characters"
+ rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="IncorrectPasswordException: Incorrect client security database password."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket :: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-060: password with i18n characters"
+ rlLog "user-add password šimtaskolmkümmend with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-user-add-tks-001_60.out 2>&1" \
+ 0 \
+ "Adding password šimtaskolmkümmend with i18n characters"
+ rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-user-add-tks-001_60.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u31 > $TmpDir/pki-user-add-tks-001_60_2.out" \
+ 0 \
+ "Show user u31 with password šimtaskolmkümmend in i18n characters"
+ rlAssertGrep "User \"u31\"" "$TmpDir/pki-user-add-tks-001_60_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-061: password with i18n characters"
+ rlLog "user-add password двадцяттридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-user-add-tks-001_61.out 2>&1" \
+ 0 \
+ "Adding password двадцяттридцять with i18n characters"
+ rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-user-add-tks-001_61.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u32 > $TmpDir/pki-user-add-tks-001_61_2.out" \
+ 0 \
+ "Show user u32 with password двадцяттридцять in i18n characters"
+ rlAssertGrep "User \"u32\"" "$TmpDir/pki-user-add-tks-001_61_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-062: type with i18n characters"
+ rlLog "user-add type tjugo-tvåhetvenhét with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-user-add-tks-001_62.out 2>&1" \
+ 0 \
+ "Adding type tjugo-tvåhetvenhét with i18n characters"
+ rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-user-add-tks-001_62.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-tks-001_62.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u33 > $TmpDir/pki-user-add-tks-001_62_2.out" \
+ 0 \
+ "Show user u33 with type tjugo-tvåhetvenhét in i18n characters"
+ rlAssertGrep "User \"u33\"" "$TmpDir/pki-user-add-tks-001_62_2.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-tks-001_62_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-063: type with i18n characters"
+ rlLog "user-add type мiльйонтридцять with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type='мiльйонтридцять' u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-user-add-tks-001_63.out 2>&1" \
+ 0 \
+ "Adding type мiльйонтридцять with i18n characters"
+ rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-user-add-tks-001_63.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-tks-001_63.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u34 > $TmpDir/pki-user-add-tks-001_63_2.out" \
+ 0 \
+ "Show user u34 with type мiльйонтридцять in i18n characters"
+ rlAssertGrep "User \"u34\"" "$TmpDir/pki-user-add-tks-001_63_2.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-tks-001_63_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-064: state with i18n characters"
+ rlLog "user-add state čå with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state='čå' u35 > $TmpDir/pki-user-add-tks-001_64.out 2>&1" \
+ 0 \
+ "Adding state 'čå' with i18n characters"
+ rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-user-add-tks-001_64.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-tks-001_64.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u35 > $TmpDir/pki-user-add-tks-001_64_2.out" \
+ 0 \
+ "Show user u35 with state čå in i18n characters"
+ rlAssertGrep "User \"u35\"" "$TmpDir/pki-user-add-tks-001_64_2.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-tks-001_64_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-065: state with i18n characters"
+ rlLog "user-add state йč with i18n characters"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state='йč' u36 > $TmpDir/pki-user-add-tks-001_65.out 2>&1" \
+ 0 \
+ "Adding state 'йč' with i18n characters"
+ rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-user-add-tks-001_65.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-tks-001_65.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u36 > $TmpDir/pki-user-add-tks-001_65_2.out" \
+ 0 \
+ "Show user u36 with state йč in i18n characters"
+ rlAssertGrep "User \"u36\"" "$TmpDir/pki-user-add-tks-001_65_2.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-tks-001_65_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-066: Should not be able to add user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user u39"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-067: Should not be able to add user using Normal user credential"
+ local pki_user="idm1_user_1"
+ local pki_user_fullName="Idm1 User 1"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t tks \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t tks \
+ user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authentication method not allowed."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TKS-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t tks \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t tks \
+ user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del '$usr' > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-user-del-tks-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+ expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del $pki_user > $TmpDir/pki-user-del-user-tks-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-user-del-user-tks-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not created."
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh
new file mode 100755
index 000000000..97cda8141
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh
@@ -0,0 +1,2400 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-add-tks Add certs to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-add-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-add-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ rlPhaseStartSetup "pki_user_cli_user_cert-add-tks-startup: Create temporary directory and initializing host/port variables"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to add certs to TKS users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-002: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_002crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-add-tks-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ ##### Add expired cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-004: Adding expired cert to a user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user2fullname\" $user2"
+ local validityperiod="1 day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_tks_user_cert_add_expiredcert_004pkcs10.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_expiredcert_004pkcs10.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_004crmf.out > $TmpDir/pki_tks_user_cert_add_expiredcert_004crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_expiredcert_004crmf.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+rlPhaseEnd
+
+#### Add a revoked cert to a user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-005: Add revoked cert to a user should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_tks_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_005crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_005crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_tks_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out"
+
+rlPhaseEnd
+
+ ##### Add one cert to a user - User ID missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-006: Add one cert to a user should fail when USER ID is missing"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_006pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_006crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_006crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_006pkcs10.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_006crmf.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_009crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_tks_user_cert-add-tks-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'ClonedSubsystems' #####
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'"
+ local userid="ClonedSubsystems_user"
+ local userFullname="ClonedSubsystems User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Trusted Managers' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0018: Add cert to a user of type 'Trusted Managers'"
+ local userid="Trusted_Managers_user"
+ local userFullname="Trusted Managers User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Usability Tests #####
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user #####
+
+rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add Administrators admin_user > $TmpDir/pki-tks-user-add-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-tks-user-add-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tks_user_cert_add_useradd_0019.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del new_test_user2"
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid agent user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-TKS-0020: Adding a cert as a TKS agent user should fail"
+ local userid="new_user1"
+ local userFullname="New User1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0021pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0021crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0021pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid TKS agent user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0021crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid TKS agent user"
+
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid auditor user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0021: Adding a cert as valid TKS auditor user should fail"
+ local userid="new_user2"
+ local userFullname="New User2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0022pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0022crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0022pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a TKS auditor user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0022crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as "
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as an admin user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0022: Adding a cert as TKS_adminE should fail"
+ local userid="new_user3"
+ local userFullname="New User3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TKS_HOST -p $TKS_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TKS_HOST -p $TKS_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_adminUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as TKS_agentUTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0027: Adding a cert as TKS_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_agentUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user TKS_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an TKS_operatorV #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-TKS-add-0028: Adding a cert as TKS_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_user_cli_user_cert-TKS-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add one cert to a user with both --serial and --input options ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0033: Add one cert to a user with --serial and --input options should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_user_cli_tks_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0035: Add one cert to a user with missing argument for --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $userid"
+rlPhaseEnd
+#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification"
+# local userid="new_adminV"
+# local username="NEW CA Admin User"
+# cat /etc/redhat-release | grep "Fedora"
+# if [ $? -eq 0 ] ; then
+# FLAVOR="Fedora"
+# rlLog "Automation is running against Fedora"
+# else
+# FLAVOR="RHEL"
+# rlLog "Automation is running against RHEL"
+# fi
+# rhcs_install_set_ldap_vars
+# rlRun "mkdir $NEWCA_CLIENT_DIR"
+# rlRun "mkdir $NEWCA_CERTDB_DIR"
+# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME"
+# rlRun "sleep 10"
+# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG
+# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG
+# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS"
+# rlRun "sleep 10"
+# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+#
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \
+# 0 \
+# "Add user $userid to Administrators group"
+#
+# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem"
+
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \
+# 0 \
+# "Added cert to user $userid"
+
+# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+
+# rlRun "systemctl restart pki-tomcatd@pki-new.service"
+# rlRun "sleep 10"
+# rlRun "systemctl restart pki-tomcatd@pki-master.service"
+# rlRun "sleep 10"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n $userid \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+
+# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\""
+
+# rlRun "pkidestroy -s CA -i pki-new"
+# rlRun "sleep 10"
+# rlRun "remove-ds.pl -f -i slapd-pki-newca"
+# rlRun "sleep 10"
+# rlRun "rm -rf $NEWCA_CLIENT_DIR"
+# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh
new file mode 100755
index 000000000..f255833ff
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh
@@ -0,0 +1,877 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-delete-tks Delete the certs assigned to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-delete-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-delete-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ ##### Create temporary directory to save output files#####
+ rlPhaseStartSetup "pki_user_cli_user_cert-del-tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Tests to delete certs assigned to TKS users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-002-tier1: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_002pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_002pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-003: pki user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-004: pki user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-005: pki user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-006-tier1: pki user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-007-tier1: pki user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-008: Delete certs assigned to a user - as TKS_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_auditorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-009: Delete certs assigned to a user - as TKS_auditorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0010: Delete certs assigned to a user - as TKS_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0011: Delete certs assigned to a user - as TKS_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0012: Delete certs assigned to a user - as TKS_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0013: Delete certs assigned to a user - as TKS_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TKS_operatorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-TKS-0015: Delete certs assigned to a user - as TKS_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to TKS users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add Administrators admin_user > $TmpDir/pki-user-add-tks-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-tks-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tks_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tks_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tks_user_cert_del_useradd_0020.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tks_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT -t tks user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT -t tks user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh
new file mode 100755
index 000000000..b164c55a2
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh
@@ -0,0 +1,1123 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-find-tks Finding the certs assigned to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-find-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ #####Create temporary dir to save the output files#####
+ rlPhaseStartSetup "pki_user_cli_user_cert-find-tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user=${caId}_agentV
+admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Find certs assigned to a TKS user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-002: Find the certs of a user in TKS --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_tks_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_tks_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 > $TmpDir/pki_tks_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-003: Find the certs of a user in TKS --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_tks_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_tks_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 > $TmpDir/pki_tks_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-004: Find the certs of a user in TKS --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-005: Find the certs of a user in TKS --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user3 > $TmpDir/pki_tks_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_tks_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-006: Find the certs of a user in TKS --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --size=2 > $TmpDir/pki_tks_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_tks_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-007: Find the certs of a user in TKS --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --size=0 > $TmpDir/pki_tks_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-008: Find the certs of a user in TKS --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-009: Find the certs of a user in TKS --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --size=50 > $TmpDir/pki_tks_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-010: Find the certs of a user in TKS --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=2 > $TmpDir/pki_tks_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_tks_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-011: Find the certs of a user in TKS --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=0 > $TmpDir/pki_tks_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-012: Find the certs of a user in TKS --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=0 > $TmpDir/pki_tks_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-013: Find the certs of a user in TKS --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=50 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-014: Find the certs of a user in TKS --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=50 > $TmpDir/pki_tks_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-015: Find the certs of a user in TKS --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_tks_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-016: Find the certs of a user in TKS --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_tks_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_tks_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $newuserid > $TmpDir/pki_tks_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-017: Find the certs of a user in TKS --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-018: Find the certs of a user in TKS --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_tks_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_tks_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-019: Find the certs of a user in TKS --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_tks_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-020: Find the certs of a user in TKS --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_tks_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0020.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_tks_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TKS user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-021: Find the certs of a user in TKS --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_tks_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to TKS users - i18n characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_tks_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_tks_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-find $user1 > $TmpDir/pki_tks_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-023: Find the certs of a user as TKS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a valid auditor user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-024: Find the certs of a user as TKS_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-025: Find the certs of a user as TKS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-026: Find the certs of a user as TKS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-027: Find the certs of a user as TKS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-028: Find the certs of a user as TKS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a user whose TKS cert has not been trusted ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-031: Find the certs of a user as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - userid is missing ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a TKS user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tks-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh
new file mode 100755
index 000000000..80d73ccf4
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh
@@ -0,0 +1,1115 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-show-tks Show the certs assigned to users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-show-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-show-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-show-tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ] ; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to find certs assigned to TKS users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_002crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_002crmf.pem"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-003: pki user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-004: pki user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-005: pki user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-006-tier1: pki user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-007-tier1: pki user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-009: pki user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0013: pki user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0014: pki user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0015: pki user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0017: pki user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_pkcs10_output0019 > $TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_crmf_output0019 > $TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0020: Show certs assigned to a user - as TKS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_auditorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0021: Show certs assigned to a user - as TKS_auditorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0022: Show certs assigned to a user - as TKS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0023: Show certs assigned to a user - as TKS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0024: Show certs assigned to a user - as TKS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0025: Show certs assigned to a user - as TKS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TKS operator user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0027: Show certs assigned to a user - as TKS operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_pkcs10_output0028 > $TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_crmf_output0028 > $TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0028"
+ rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as a user not associated with any role#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0029: Show certs assigned to a user - as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - switch position of the required options#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0030: Show certs assigned to a user - switch position of the required options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2"
+ errmsg="User Not Found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/968"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - incomplete Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0031: pki user-cert-show should fail if an incomplete Cert ID is provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+ rlPhaseEnd
+
+ ### Tests to show certs assigned to TKS users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tks-032: Show certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_0032pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_0032crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_crmf_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out"
+
+ rlPhaseEnd
+
+ #===Deleting users===#
+rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users"
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TKS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh
new file mode 100755
index 000000000..c16de6501
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh
@@ -0,0 +1,726 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-del Delete pki subsystem TKS users.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-del.sh
+########################################################################
+
+run_pki-user-cli-user-del-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_user_cli_user_del-TKS-tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-tks-configtest-001: pki user-del --help configuration test"
+ rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-tks-configtest-002: pki user-del configuration test"
+ rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-003: Delete valid users"
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ #positive test cases
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user1-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user1-00$i.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u$i"
+ errmsg="UserNotFoundException: User u$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let i=$i+1
+ done
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval usr=\$user$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user $usr"
+ let i=$i+1
+ done
+
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user2-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-004: Case sensitive userid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user user_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del USER_ABC > $TmpDir/pki-user-del-tks-user-002_1.out" \
+ 0 \
+ "Deleted user USER_ABC userid is not case sensitive"
+ rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-tks-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del > $TmpDir/pki-user-del-tks-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-tks-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-006: Maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-tks-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del \"$user2\" > $TmpDir/pki-user-del-tks-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-tks-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-007: userid with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ userid=$userid$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test '$userid' > $TmpDir/pki-user-add-tks-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del '$userid' > $TmpDir/pki-user-del-tks-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-tks-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show '$userid' > $TmpDir/pki-user-del-tks-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-user-del-tks-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test tks_agent"
+ email="tks_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-user-add-tks-008.out" \
+ 0 \
+ "Add user $user1 to TKS -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del $user1 > $TmpDir/pki-user-del-tks-user-008.out" \
+ 0 \
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-tks-user-008.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-tks-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u22 > $TmpDir/pki-user-del-tks-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t tks option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-tks-user-009.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-010: Should not be able to delete user using a revoked cert TKS_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-tks-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u23 > $TmpDir/pki-user-show-tks-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tks-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-tks-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-011: Should not be able to delete user using a agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u23 > $TmpDir/pki-user-show-tks-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tks-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-tks-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u23 > $TmpDir/pki-user-del-tks-002_2.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-012: Should not be able to delete user using a valid agent TKS_agentV user"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-user-add-tks-012.out" \
+ 0 \
+ "Add user u24 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-003.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-003.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-003.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-013: Should not be able to delete user using a admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-004.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-004.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-004.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-014: Should not be able to delete a user using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-005.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-005.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-005.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-015: Should not be able to delete user using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-016: Should not be able to delete user using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-tks-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-009.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-009.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-009.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-009.out"
+
+ #Cleanup:delete user u24
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u24 > $TmpDir/pki-user-del-tks-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-019: delete user name with i18n characters"
+ rlLog "user-add username ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-user-add-tks-001_19.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tks-001_19.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tks-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u19 > $TmpDir/pki-user-del-tks-001_19_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÖrjanÄke i18n characters"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-tks-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u19"
+ errmsg="UserNotFoundException: User u19 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TKS-020: delete username with i18n characters"
+ rlLog "user-add username ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-user-add-tks-001_20.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-tks-001_20.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-tks-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u20 > $TmpDir/pki-user-del-tks-001_20_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÉricTêko i18n characters"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tks-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u20"
+ errmsg="UserNotFoundException: User u20 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_del-tks_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
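Review bot: The three `[[ $actual_... = $expected_... ]]` comparisons in tests TKS-006 and TKS-007 leave the right-hand side unquoted, so bash matches it as a glob pattern instead of comparing it as a literal string. In TKS-007 the user id ends in `!?@~#*^_+$`, so `?` and `*` act as wildcards and the check would also pass on output whose user id differs at those positions, which is the case the symbol test exists to pin down. Quote both operands, e.g. `if [[ "$actual_userid_string" = "$expected_userid_string" ]] ; then`, and do the same for the `$actual_error_string` / `$expected_error_string` comparison after the `user-show` call.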
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh
new file mode 100755
index 000000000..7fbed0dca
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh
@@ -0,0 +1,803 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-find To list users in TKS.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Laxmi Sunkara <lsunkara@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-find.sh
+########################################################################
+
+run_pki-user-cli-user-find-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ # Creating Temporary Directory
+ rlPhaseStartSetup "pki tks user-find Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tks_instance_created" = "TRUE" ] ; then
+ user1=tks_agent2
+ user1fullname="Test tks_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
+ rlPhaseStartSetup "pki_user_cli_user_find-tks-startup-addusers: Add users"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-configtest-001: pki user-find --help configuration test"
+ rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help"
+ rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-configtest-002: pki user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find"
+ rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-003: Find 5 users, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=5 > $TmpDir/pki-user-find-tks-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-find-tks-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-004: Find non user, --size=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=0 > $TmpDir/pki-user-find-tks-002.out 2>&1" \
+ 0 \
+ "Found no users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-005: Find all users, large value as input"
+ large_num=1000000
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$large_num > $TmpDir/pki-user-find-tks-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-user-find-tks-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-tks-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-user-find-tks-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-tks-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-tks-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=-1 > $TmpDir/pki-user-find-tks-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-009: Find users for size input as noninteger, --size=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$size_noninteger > $TmpDir/pki-user-find-tks-005.out 2>&1" \
+ 255 \
+ "No users returned"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-tks-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-010: Find users, check for no input --size="
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size= > $TmpDir/pki-user-find-tks-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-tks-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find > $TmpDir/pki-user-find-tks-007_1.out 2>&1" \
+ 0 \
+ "Get all users in TKS"
+ user_entry_10=`cat $TmpDir/pki-user-find-tks-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=10 > $TmpDir/pki-user-find-tks-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat $TmpDir/pki-user-find-tks-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-tks-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-012: Find users, --start=10000, large possible input"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=10000 > $TmpDir/pki-user-find-tks-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-tks-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-tks-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-tks-008_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=0 > $TmpDir/pki-user-find-tks-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-tks-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=-1 > $TmpDir/pki-user-find-tks-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-user-find-tks-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-017: Find users for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=$size_noninteger > $TmpDir/pki-user-find-tks-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-tks-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start= > $TmpDir/pki-user-find-tks-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-tks-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find > $TmpDir/pki-user-find-tks-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in TKS"
+ user_entry_12=`cat $TmpDir/pki-user-find-tks-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=12 --size=12 > $TmpDir/pki-user-find-tks-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-user-find-tks-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-find-tks-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find > $TmpDir/pki-user-find-tks-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in TKS"
+ user_entry_12=`cat $TmpDir/pki-user-find-tks-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=12 --size=0 > $TmpDir/pki-user-find-tks-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-021: Should not be able to find user using a revoked cert TKS_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-022: Should not be able to find users using an agent with revoked cert TKS_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-023: Should not be able to find users using a valid agent TKS_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tks-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-025: Should not be able to find users using admin user with expired cert TKS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-tks-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-026: Should not be able to find users using TKS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-tks-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-027: Should not be able to find users using a TKS_auditV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_auditV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-auditV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a audit cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tks-auditV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-028: Should not be able to find users using a TKS_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tks-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -t tks \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ -t tks \
+ user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password -t tks user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-031: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-user-find-tks-001_31.out 2>&1" \
+ 0 \
+ "Adding fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-tks-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tks-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-tks-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tks-032: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-tks-001_32.out 2>&1" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-tks-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-tks-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-tks-001_32_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 27 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
+
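Review bot: The client database password is expanded into the argument list of every `pki` call in `run_pki-user-cli-user-find-tks_tests`, and the `rlLog "Executing: pki -d $CERTDB_DIR … -c $CERTDB_DIR_PASSWORD …"` lines (tests 006, 007, 013, 014, 021–028, 031 and 032) also write it verbatim to the test journal. Anyone who can read the job logs or the process list on the test host can therefore read it. I would write it once to a private file right after the temp directory is created, `(umask 077; printf '%s' "$CERTDB_DIR_PASSWORD" > "$TmpDir/certdb.pwd")`, and replace `-c $CERTDB_DIR_PASSWORD` with `-C $TmpDir/certdb.pwd` throughout, assuming the `pki` client under test accepts a password file via `-C`; that should be confirmed against the CLI version this suite targets. The same applies to `-c $UNTRUSTED_CERT_DB_PASSWORD` in test 029, to the literal `-c Password` in test 030, and to the matching calls at the end of the user-del TKS script just above this file. If these are throwaway lab credentials, a comment near the top such as `# CERTDB_DIR_PASSWORD is a disposable test-lab secret; it is logged on purpose` would at least make the exposure explicit.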
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh
new file mode 100755
index 000000000..0f62e2a78
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh
@@ -0,0 +1,725 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-add Add TKS user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-tks.sh
+######################################################################################
+
+########################################################################
+run_pki-user-cli-user-membership-add-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-add-TKS-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tks_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-002: pki user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-find Find user memberships" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-003: pki user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-add --help"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-004: pki user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-005: Add users to available groups using valid admin user TKS_adminV"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-tks-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-tks-00$i.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-006: Add a user to all available groups using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show userall > $TmpDir/pki-user-membership-add-user-show-tks-userall-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-add-user-show-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-show-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-show-tks-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show user1 > $TmpDir/pki-user-membership-add-user-show-tks-user1-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-user-membership-add-user-show-tks-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-show-tks-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-tks-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-tks-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"$dummy_group\""
+ rlLog "Executing: $command"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-009: Should be able to user-membership-add user name with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÖrjanÄke' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='ÖrjanÄke' u9" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-add u9 \"Administrators\""
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-tks-009_2.out" \
+ 0 \
+ "Adding user with fullname ÖrjanÄke to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-009_2.out"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-tks-009_2.out"
+ rlLog "Check if the user is added to the group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-find u9"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-tks-009_3.out" \
+ 0 \
+ "Check user with fullname ÖrjanÄke added to group Administrators"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-tks-009_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-010: Should be able to user-membership-add user to group id with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tks-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tks-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-tks-010_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-010_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u10 > $TmpDir/pki-user-membership-add-groupadd-find-tks-010_3.out" \
+ 0 \
+ "Check user ÉricTêko added to group dadministʁasjɔ̃"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-tks-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-011: Should not be able to user-membership-add using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminR -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-012: Should not be able to user-membership-add using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${TKS_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-013: Should not be able to user-membership-add using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminE -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-014: Should not be able to user-membership-add using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${TKS_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TKS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-015: Should not be able to user-membership-add using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${TKS_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TKS_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-016: Should not be able to user-membership-add using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${TKS_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TKS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-017: Should not be able to user-membership-add using TKS_admin_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-018: User associated with Administrators group only can create a new user"
+ local user2="testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-user-membership-add-user-add-tks-user2-018.out" \
+ 0 \
+ "Adding user $user2"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "$gid"
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding $user2 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add $user2 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add $user2 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-$user2-00$i.out" \
+ 0 \
+ "Adding user to all groups except administrators group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-$user2-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-$user2-00$i.out"
+ fi
+ let i=$i+1
+ done
+ rlLog "Check users group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out" \
+ 0 \
+ "Find user-membership to groups of $user2"
+ rlAssertGrep "7 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out"
+ rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlAssertNotGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out"
+ rlLog "$user2 is not added to $gid"
+ else
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \
+ \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $TKS_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${TKS_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ #Trying to add a user using $user2 should fail since $user2 is not in Administrators group
+ local expfile="$TmpDir/expfile_$user2.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-tks-$user2-002.out" 255 "Should not be able to add users using a non Administrator user"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-$user2-002.out"
+
+ #Add $user2 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-tks-usertest2-019_2.out" \
+ 0 \
+ "Adding user $user2 to group \"$groupid4\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-tks-usertest2-019_2.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-tks-usertest2-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-add-groupadd-find-tks-usertest1-019_3.out" \
+ 0 \
+ "Check user-membership to group \"$groupid4\""
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-find-tks-usertest1-019_3.out"
+
+ #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n $user2 \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test_user u19 > $TmpDir/pki-user-add-tks-019_4.out" \
+ 0 \
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tks-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tks-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tks-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-019: Should not be able to add user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -t tks user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-add-tks-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del userall > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del user1 > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u19 > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-u19-001.out"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 3 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del testuser$i > $TmpDir/pki-user-membership-add-tks-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-tks-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TKS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
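Review bot: In TKS-018 both `while [ $i -lt 9 ]` loops run `eval gid=\$groupid$i` for i=7 and i=8, but this function defines only `groupid1` to `groupid6`. Unless a sourced file sets the other two, `user-membership-add $user2 ""` is called with an empty group name and `rlAssertGrep "Group: $gid"` matches any `Group: ` line. The bound and the `7 entries matched` / `Number of entries returned 7` assertions look carried over from a subsystem with eight groups; for the six listed here I would use `while [ $i -lt 7 ] ; do` in both loops and expect 5 entries (six groups minus Administrators). This matters because TKS-018 is the phase that checks a user outside Administrators cannot create users, so its precondition should be established exactly. Separately, TKS-019 sends the request to `$CA_HOST` with `${caId}_adminV` and `-t tks` and expects `PKIException: Unauthorized`, so it appears to pass on a rejected login rather than on the missing user; pointing it at `$SUBSYSTEM_HOST` with `${TKS_INST}_adminV` would exercise the case the phase name describes.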
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh
new file mode 100755
index 000000000..424607cf3
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh
@@ -0,0 +1,842 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-membership-del TKS CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-tks.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-del-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ tks_instance_created="False"
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-del-TKS-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Available groups tks-group-find
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-002: pki user-membership-del --help configuration test"
+ rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-del --help"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-003: pki user-membership-del configuration test"
+ rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-004: Delete user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-tks-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-tks-00$i.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-tks-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-005: Delete user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out" \
+ 0 \
+ "Check user membership with group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-tks-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-tks-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-006: Missing required option <Group id> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out 2>&1" \
+ 255 \
+ "Cannot delete user from group, Missing required option <Group id>"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-007: Missing required option <User ID> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add user2 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out 2>&1" \
+ 255 \
+ "cannot delete user from group, Missing required option <user id>"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-008: Should not be able to user-membership-del using a revoked cert TKS_adminR"
+ command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-009: Should not be able to user-membership-del using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-010: Should not be able to user-membership-del using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert TKS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-011: Should not be able to user-membership-del using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-012: Should not be able to user-membership-del using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TKS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-013: Should not be able to user-membership-del using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TKS_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-014: Should not be able to user-membership-del using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TKS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-015: Should not be able to user-membership-del using TKS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-016: Delete user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u10" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tks-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tks-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-tks-017_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-tks-017_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-tks-017_2.out"
+ rlLog "Delete user-membership from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-tks-017_3.out" \
+ 0 \
+ "Delete user-membership from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-tks-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-tks-017_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-017: Delete user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-user-add-tks-018.out 2>&1" \
+ 0 \
+ "Adding user full name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-tks-018.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-tks-018.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u11 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-tks-018_2.out" \
+ 0 \
+ "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-tks-018_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-tks-018_2.out"
+ rlLog "Delete user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-tks-018_3.out" \
+ 0 \
+ "Delete user-membership from the group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-tks-018_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u11 > $TmpDir/pki-user-membership-del-groupadd-del-tks-018_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-tks-018_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-018: Delete user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-tks-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-tks-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-tks-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-tks-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user123 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-user-membership-del-user-del-tks-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-membership-del-user-del-tks-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-membership-del-user-del-tks-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-user-membership-del-user-del-tks-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u12 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-tks-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-tks-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u12 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-tks-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-tks-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-find Administrators > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u12 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-find $groupid4 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_7.out" \
+ 0 \
+ "List members of $groupid4 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-tks-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test_user u9" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-tks-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tks-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-tks-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-tks-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-del-tks-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 12 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del userall > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del user1 > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del user2 > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del user123 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del testuser1 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-testuser1.out"
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh
new file mode 100755
index 000000000..0738eddd7
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh
@@ -0,0 +1,771 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-find Find TKS user memberships.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-find-tks.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-find-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_user_cli_user_membership-find-TKS-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Local variables
+ #Available groups tks-group-find
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-002: pki user-membership-find --help configuration test"
+ rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-find --help"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-003: pki user-membership-find configuration test"
+ rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-004: Find user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-find-user-find-tks-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-find-user-find-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-find-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-find-tks-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u$i > $TmpDir/pki-user-membership-find-user-show-tks-00$i.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-find-user-show-tks-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-show-tks-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-show-tks-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-tks-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-tks-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-tks-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out" \
+ 0 \
+ "Find user-membership with group \"$gid\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-005: Find user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-tks-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-tks-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show userall > $TmpDir/pki-user-membership-find-user-show-tks-userall-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-find-user-show-tks-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-show-tks-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-show-tks-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-tks-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-tks-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-tks-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out" \
+ 0 \
+ "Find user-membership to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-006: Find user-membership of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out"
+ rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-007: Find all user-memberships of a user (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out" \
+ 0 \
+ "Checking user-mambership to group "
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-008: Find user-memberships when page start is negative (start=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-009: Find user-memberships when page start greater than available number of groups (start=7)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=7 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-004.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-010: Should not be able to find user-membership when page start is non integer"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-find userall --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-011: Find user-memberships when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-006.out" 0 \
+ "user_membership-find with size parameter as 0"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-012: Find user-memberships when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out" 0 \
+ "user_membership-find with size parameter as 1"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-013: Find user-memberships when page size is 2 (size=2)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out" 0 \
+ "user_membership-find with size parameter as 2"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out"
+ rlAssertGrep "Group: $groupid2" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out"
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-014: Find user-memberships when page size is 5 (size=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=5 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out" 0 \
+ "user_membership-find with size parameter as 5"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out"
+ i=1
+ while [ $i -lt 6 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-015: Find user-memberships when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out" 0 \
+ "user_membership-find with size parameter as 100"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-016: Find user-memberships when page size is negative (size=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-0011.out" 0 \
+ "user_membership-find with size parameter as -1"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0011.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-017: Should not be able to find user-membership when page size is non integer"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-018: Find user-membership with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=4 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=4 --size=5 > $TmpDir/pki-user-membership-find-tks-019.out" \
+ 0 \
+ "Find user-membership with page start and page size option"
+ rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-tks-019.out"
+ i=5
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-tks-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-tks-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-019: Find user-membership with --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-tks-020.out 2>&1" \
+ 255 \
+ "Find user-membership with --size more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-tks-020.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-020: Find user-membership with --start more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-tks-021.out 2>&1" \
+ 255 \
+ "Find user-membership with --start more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-tks-021.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-021: Should not be able to user-membership-find using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-022: Should not be able to user-membership-find using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-023: Should not be able to user-membership-find using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent TKS_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-024: Should not be able to user-membership-find using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin TKS_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-025: Should not be able to user-membership-find using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent TKS_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-026: Should not be able to user-membership-find using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor TKS_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-027: Should not be able to user-membership-find using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator TKS_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-028: Should not be able to user-membership-find using TKS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD -t tks user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-029:Find user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='Éric Têko' u9" \
+ 0 \
+ "Adding uid ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tks-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tks-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-tks-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-tks-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-tks-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u9 > $TmpDir/pki-user-membership-find-groupadd-find-tks-031_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-tks-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-030: Find user-membership for user fullname with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-user-add-tks-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-tks-032.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-tks-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u10 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-tks-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-tks-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-tks-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-tks-032_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-tks-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-031: Find user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-tks-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-tks-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-tks-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-tks-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-user-membership-find-user-find-tks-033_2.out" 0 "Find user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-tks-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-find-tks-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del userall > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del user123 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out"
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh
new file mode 100755
index 000000000..39340bc1e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh
@@ -0,0 +1,1157 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-mod Modify existing users in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-mod-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-user-cli-user-mod-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_user_cli_user_mod_tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ TKS_HOST=$(eval echo \$${MYROLE})
+ TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+
+ user1=tks_user
+ user1fullname="Test tks user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ user1_mod_fullname="Test tks user modified"
+ user1_mod_email="testtksuser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-002: Modify a user's fullname in TKS using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tks-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, password ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-003: Modify a user's email,phone,state,password in TKS using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-tks-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tks-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-tks-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-tks-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tks-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-tks-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-tks-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tks-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-005:--email with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=\"$randsym\" u2 > $TmpDir/pki-tks-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-tks-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-tks-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tks-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=# u3 > $TmpDir/pki-tks-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-tks-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tks-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tks-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=* u4 > $TmpDir/pki-tks-user-mod-007.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character"
+ rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-tks-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tks-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tks-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=$ u5 > $TmpDir/pki-tks-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-tks-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tks-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-tks-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=0 u6 > $TmpDir/pki-tks-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-tks-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tks-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tks-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-tks-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-tks-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tks-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=\"$randsym\" u8 > $TmpDir/pki-tks-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-tks-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-tks-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tks-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=# u9 > $TmpDir/pki-tks-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-tks-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tks-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=* u10 > $TmpDir/pki-tks-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-tks-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tks-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=$ u11 > $TmpDir/pki-tks-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-tks-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tks-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --state=0 u12 > $TmpDir/pki-tks-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-tks-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tks-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-tks-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-tks-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-017:--phone with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 8193 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test usr1"
+ special_symbols="#$@*"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone='$randsym$special_symbols' usr1"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and numbers only ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-018:--phone with maximum length and numbers only "
+ randhex=$(openssl rand -hex 1024)
+ randhex_covup=${randhex^^}
+ randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --phone=\"$randsym\" usr1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-tks-user-mod-018.out"\
+ 0 \
+ "Modify user with maximum length and numbers only"
+ rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-tks-user-mod-018.out"
+ rlAssertGrep "User ID: usr1" "$TmpDir/pki-tks-user-mod-018.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-018.out"
+ rlAssertGrep "Phone: $randsym" "$TmpDir/pki-tks-user-mod-018.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-019:--phone with \# character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test usr2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone=\"#\" usr2"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-020:--phone with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test usr3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone=\"*\" usr3"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-021:--phone with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test usr4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone $ usr4"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with negative number ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-022:--phone as negative number -1230 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u14"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --phone=-1230 u14 > $TmpDir/pki-tks-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-tks-user-mod-022.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tks-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tks-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-023-tier1: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id"
+ rlPhaseEnd
+
+ #### Modify a user - all options provided ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-tks-024-tier1: Modify a user -- all options provided"
+ email="tks_user2@myemail.com"
+ user_password="tksuser2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u15"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15 > $TmpDir/pki-tks-user-mod-025.out" \
+ 0 \
+ "Modify user u15 to TKS -- all options provided"
+ rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-tks-user-mod-025.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-tks-user-mod-025.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-025.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-mod-025.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-025.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-025.out"
+ rlPhaseEnd
+
+ #### Modify a user - password less than 8 characters ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-025: Modify user with --password "
+ userpw="pass"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod $user1 --fullName='$user1fullname' --password=$userpw"
+ errmsg="PKIException: The password must be at least 8 characters"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password"
+ rlPhaseEnd
+
+##### Tests to modify users using revoked cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-026: Should not be able to modify user using a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1_mod_fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using an agent user#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-028: Should not be able to modify user using a valid agent user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-029: Should not be able to modify user using an agent user with a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using expired cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-030: Should not be able to modify user using an admin user with expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-031: Should not be able to modify user using an agent user with an expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using audit users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-032: Should not be able to modify user using an auditor user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-033: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as TKS_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted TKS users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-034: Should not be able to modify user using a cert created from a untrusted TKS role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-035: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' u17"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-036: Modify a user in TKS using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-037: Modify a user in TKS using TKS admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show u16 > $TmpDir/pki-tks-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=\"\" u16 > $TmpDir/pki-tks-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tks-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-038: Modify a user in TKS using TKS_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show u16 > $TmpDir/pki-tks-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-039: Modify a user in TKS using an admin user in TKS - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show u16 > $TmpDir/pki-tks-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify TKS users with the same value ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-040: Modify a user in TKS using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show $user1 > $TmpDir/pki-tks-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tks-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tks-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify CA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tks-041: Modify a user in TKS using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show u16 > $TmpDir/pki-tks-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-042_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-tks-user-mod-042_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --email=\"$email\" u16 > $TmpDir/pki-tks-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tks-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify TKS users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-042: Modify a user's fullname having i18n chars in TKS using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-tks-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-tks-user-mod-043.out"
+ rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-tks-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-tks-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify TKS users having i18n chars in email ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tks-043: Modify a user's email having i18n chars in TKS using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_user_cli_user_tks_cleanup: Deleting role users"
+
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del usr$i > $TmpDir/pki-usr-del-tks-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-tks-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del $i18nuser > $TmpDir/pki-user-del-tks-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-tks-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+ else
+ rlLog "TKS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh
new file mode 100755
index 000000000..0db5663dd
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh
@@ -0,0 +1,1193 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-show Show TKS users
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-show-tks.sh
+######################################################################################
+
+########################################################################
+run_pki-user-cli-user-show-tks_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+ rlPhaseStartSetup "pki_user_cli_user_show-tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ if [ "$tks_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=tks_agent2
+ user1fullname="Test tks_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+
+ rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test"
+ rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki user-show"
+ rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show TKS users ####
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-001: Add user to TKS using TKS_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user1 > $TmpDir/pki-user-show-tks-001.out" \
+ 0 \
+ "Show user $user1"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-tks-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-tks-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user2 > $TmpDir/pki-user-show-tks-001_1.out" \
+ 0 \
+ "Show $user2 user"
+ rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-tks-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-user-show-tks-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user3 > $TmpDir/pki-user-show-tks-001_2.out" \
+ 0 \
+ "Show $user3 user"
+ rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-tks-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-tks-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user4 > $TmpDir/pki-user-show-tks-001_3.out" \
+ 0 \
+ "Show $user4 user"
+ rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-tks-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-tks-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user5 > $TmpDir/pki-user-show-tks-001_4.out" \
+ 0 \
+ "Show $user5 user"
+ rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-tks-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-tks-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user6 > $TmpDir/pki-user-show-tks-001_5.out" \
+ 0 \
+ "Show $user6 user"
+ rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-tks-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-tks-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show $user7 > $TmpDir/pki-user-show-tks-001_6.out" \
+ 0 \
+ "Show user $user7"
+ rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-tks-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-tks-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u1 > $TmpDir/pki-user-show-tks-001_7.out" \
+ 0 \
+ "Show user u1"
+ rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-tks-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-tks-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-tks-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u2 > $TmpDir/pki-user-show-tks-001_8.out" \
+ 0 \
+ "Show user u2"
+ rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-tks-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-tks-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-tks-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u3 > $TmpDir/pki-user-show-tks-001_9.out" \
+ 0 \
+ "Add user u3"
+ rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-tks-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-tks-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-user-show-tks-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u4 > $TmpDir/pki-user-show-tks-001_10.out" \
+ 0 \
+ "Show user u4 using ${prefix}_adminV"
+ rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-tks-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-tks-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-user-show-tks-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u5 > $TmpDir/pki-user-show-tks-001_11.out" \
+ 0 \
+ "Show user u5 using ${prefix}_adminV"
+ rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-tks-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-tks-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-tks-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u6 > $TmpDir/pki-user-show-tks-001_12.out" \
+ 0 \
+ "Show user u6 using ${prefix}_adminV"
+ rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-tks-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-tks-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-tks-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u7 > $TmpDir/pki-user-show-tks-001_13.out" \
+ 0 \
+ "Show user u7 using ${prefix}_adminV"
+ rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-tks-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-tks-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-tks-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-tks-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-tks-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u8 > $TmpDir/pki-user-show-tks-001_14.out" \
+ 0 \
+ "Show user u8 using ${prefix}_adminV"
+ rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-tks-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-tks-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-tks-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-tks-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-tks-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u9 > $TmpDir/pki-user-show-tks-001_15.out" \
+ 0 \
+ "Show user u9 using ${prefix}_adminV"
+ rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-tks-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-tks-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-user-show-tks-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u10 > $TmpDir/pki-user-show-tks-001_16.out" \
+ 0 \
+ "Show user u10 using ${prefix}_adminV"
+ rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-tks-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-tks-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-user-show-tks-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u11 > $TmpDir/pki-user-show-tks-001_17.out" \
+ 0 \
+ "Show user u11 using ${prefix}_adminV"
+ rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-tks-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-tks-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-tks-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u12 > $TmpDir/pki-user-show-tks-001_18.out" \
+ 0 \
+ "Show pki ${prefix}_adminV user"
+ rlAssertGrep "User \"u12\"" "$TmpDir/pki-user-show-tks-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-show-tks-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-user-show-tks-001_18.out"
+ rlPhaseEnd
+
+ #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u13 > $TmpDir/pki-user-show-tks-001_19.out" \
+ 0 \
+ "Show user u13 using ${prefix}_adminV"
+ rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-tks-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-tks-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tks-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-show u14 > $TmpDir/pki-user-show-tks-001_24.out" \
+ 0 \
+ "Show user u14 using ${prefix}_adminV"
+ rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-tks-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-tks-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-tks-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u15 > $TmpDir/pki-user-show-tks-001_25.out" \
+ 0 \
+ "Show user u15 using ${prefix}_adminV"
+ rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-tks-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-tks-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-tks-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u16 > $TmpDir/pki-user-show-tks-001_26.out" \
+ 0 \
+ "Show user u16 using ${prefix}_adminV"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-tks-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-tks-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-tks-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u17 > $TmpDir/pki-user-show-tks-001_27.out" \
+ 0 \
+ "Show user u17 using ${prefix}_adminV"
+ rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-tks-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-tks-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-tks-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-show u18 > $TmpDir/pki-user-show-tks-001_28.out" \
+ 0 \
+ "Show user u18 using ${prefix}_adminV"
+ rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-tks-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-tks-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-tks-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u19 > $TmpDir/pki-user-show-tks-001_29.out" \
+ 0 \
+ "Show user u19 using ${prefix}_adminV"
+ rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-tks-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-tks-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-tks-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u20 > $TmpDir/pki-user-show-tks-001_30.out" \
+ 0 \
+ "Show user u20 using ${prefix}_adminV"
+ rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-tks-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-tks-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-tks-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u21 > $TmpDir/pki-user-show-tks-001_31.out" \
+ 0 \
+ "Show user u21 using ${prefix}_adminV"
+ rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-tks-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-tks-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-tks-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-029: Show user with -t tks option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u22 > $TmpDir/pki-user-show-tks-001_32.out" \
+ 0 \
+ "Show user u22 using ${prefix}_adminV"
+ rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-tks-001_32.out"
+ rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-tks-001_32.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001_32.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-030: Add a user -- all options provided"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23" \
+ 0 \
+ "Adding user u23 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u23 > $TmpDir/pki-user-show-tks-001_33.out" \
+ 0 \
+ "Show user u23 using ${prefix}_adminV"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-show-tks-001_33.out"
+ rlPhaseEnd
+
+ #Negative Cases
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-031: Missing required option user id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show"
+ rlLog "Executing $command"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-032: Checking if user id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show U23 > $TmpDir/pki-user-show-tks-001_35.out 2>&1" \
+ 0 \
+ "User ID is not case sensitive"
+ rlAssertGrep "User \"U23\"" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-show-tks-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-033: Should not be able to show user using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-034: Should not be able to show user using a agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-035: Should not be able to show user using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-036: Should not be able to show user using a TKS_agentR user"
+ rlLog "To test error message consistency for the request pki_user_cli_user_show-TKS-034"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-037: Should not be able to show user using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-038: Should not be able to show user using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-039: Should not be able to show user using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-040: Should not be able to show user using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u23 > $TmpDir/pki-user-show-tks-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-tks-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-tks-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u13"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-tks-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-043: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-tks-001_50.out 2>&1" \
+ 255 \
+ "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-tks-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-044: user name with i18n characters"
+ rlLog "user-add user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-user-show-tks-001_56.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u24 > $TmpDir/pki-user-show-tks-001_56_2.out" \
+ 0 \
+ "Show user name with 'ÖrjanÄke'"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-001_56_2.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-001_56_2.out"
+ rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-user-show-tks-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TKS-045: user name with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-user-show-tks-001_57.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-show u25 > $TmpDir/pki-user-show-tks-001_57_2.out" \
+ 0 \
+ "Show user name with 'ÉricTêko'"
+ rlAssertGrep "User \"u25\"" "$TmpDir/pki-user-show-tks-001_57_2.out"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tks-001_57_2.out"
+ rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-tks-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user)
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 26 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tks \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TKS instance is not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh
new file mode 100755
index 000000000..e1fba8902
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh
@@ -0,0 +1,1547 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-add Add users to pki TPS subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-add-tps.sh
+########################################################################
+run_pki-user-cli-user-add-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_user_cli_user_add-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test"
+ rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \
+ 0 \
+ "pki user --help"
+ rlAssertGrep "user-find Find users" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-show Show user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-add Add user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-mod Modify user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-del Remove user" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out"
+ rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test"
+ rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-add --help"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out"
+ rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add TPS users using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-001: Add a user to TPS using TPS_adminV"
+ user1=tps_agent2
+ user1fullname="Test tps_agent"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -t tps -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-001.out" 0 "Add user $user1 to TPS_adminV"
+ rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-tps-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-tps-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-tps-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-002:maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlLog "user2=$user2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-tps-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ actual_userid_string=`cat $TmpDir/pki-user-add-tps-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-003:User id with # character"
+ user3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user3 > $TmpDir/pki-user-add-tps-001_2.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with # character"
+ rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-user-add-tps-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-add-tps-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-004:User id with $ character"
+ user4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user4 > $TmpDir/pki-user-add-tps-001_3.out" \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with $ character"
+ rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-user-add-tps-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-add-tps-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-005:User id with @ character"
+ user5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user5 > $TmpDir/pki-user-add-tps-001_4.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with @ character"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-tps-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-tps-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-006:User id with ? character"
+ user6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user6 > $TmpDir/pki-user-add-tps-001_5.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id with ? character"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-tps-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-tps-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-007:User id as 0"
+ user7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user7 > $TmpDir/pki-user-add-tps-001_6.out " \
+ 0 \
+ "Added user using ${prefix}_adminV, user id 0"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-tps-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-tps-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-008:--email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-user-add-tps-001_7.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-user-add-tps-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-user-add-tps-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-user-add-tps-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-009:--email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlLog "email=$email"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email='$email' u2 > $TmpDir/pki-user-add-tps-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-user-add-tps-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-user-add-tps-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-user-add-tps-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-010:--email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=# u3 > $TmpDir/pki-user-add-tps-001_9.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email # character"
+ rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-user-add-tps-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-user-add-tps-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-user-add-tps-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-011:--email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=* u4 > $TmpDir/pki-user-add-tps-001_10.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email * character"
+ rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-user-add-tps-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-user-add-tps-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-user-add-tps-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-012:--email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=$ u5 > $TmpDir/pki-user-add-tps-001_11.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --email $ character"
+ rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-user-add-tps-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-user-add-tps-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-user-add-tps-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-013:--email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=0 u6 > $TmpDir/pki-user-add-tps-001_12.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --email 0"
+ rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-user-add-tps-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-user-add-tps-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-user-add-tps-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-014:--state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-user-add-tps-001_13.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length"
+ rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-user-add-tps-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-user-add-tps-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-user-add-tps-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-tps-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-tps-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-015:--state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlLog "state=$state"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state='$state' u8 > $TmpDir/pki-user-add-tps-001_14.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --state length and character symbols in it"
+ rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-user-add-tps-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-user-add-tps-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-user-add-tps-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-add-tps-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-add-tps-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-016:--state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=test --state=# u9 > $TmpDir/pki-user-add-tps-001_15.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tps-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tps-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-user-add-tps-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-017:--state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=* u10 > $TmpDir/pki-user-add-tps-001_16.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state * character"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-tps-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-tps-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-user-add-tps-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-018:--state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=$ u11 > $TmpDir/pki-user-add-tps-001_17.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state $ character"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-tps-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-tps-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-user-add-tps-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-019:--state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=0 u12 > $TmpDir/pki-user-add-tps-001_18.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --state 0"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-add-tps-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-add-tps-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-user-add-tps-001_18.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-020:--phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-user-add-tps-001_19.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --phone length"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-user-add-tps-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-user-add-tps-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tps-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-021:--phone with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ phone=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-tps-001_20.out 2>&1"\
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tps-001_20.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tps-001_20.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-022:--phone with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-tps-001_21.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character #"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tps-001_21.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tps-001_21.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-023:--phone with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-tps-001_22.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character *"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tps-001_22.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tps-001_22.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-024:--phone with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-tps-001_23.out 2>&1" \
+ 255 \
+ "Should not be able to add user using ${prefix}_adminV --phone with character $"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tps-001_23.out"
+ rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tps-001_23.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-025:--phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-user-add-tps-001_24.out " \
+ 0 \
+ "Added user using ${prefix}_adminV with --phone -1230"
+ rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-user-add-tps-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-user-add-tps-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-add-tps-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-026:--type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-user-add-tps-001_25.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Auditors"
+ rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-tps-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-tps-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-add-tps-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-027:--type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-user-add-tps-001_26.out" \
+ 0 \
+ "Added user using ${prefix}_adminV --type Certificate Manager Agents"
+ rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-user-add-tps-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-user-add-tps-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-add-tps-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-028:--type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-user-add-tps-001_27.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-user-add-tps-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-user-add-tps-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-add-tps-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-029:--type Subsytem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-user-add-tps-001_28.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Subsytem Group"
+ rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-user-add-tps-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-user-add-tps-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_28.out"
+ rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-add-tps-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-030:--type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-user-add-tps-001_29.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tps-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tps-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-add-tps-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-031:--type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-user-add-tps-001_30.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-tps-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-tps-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-add-tps-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-032:--type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-user-add-tps-001_31.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with --type Trusted Managers"
+ rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-user-add-tps-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-user-add-tps-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-add-tps-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-033:--type Dummy Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-user-add-tps-001_33.out 2>&1 " \
+ 1,255 \
+ "Adding user using ${prefix}_adminV with --type Dummy Group"
+ rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-user-add-tps-001_33.out"
+ rlAssertNotGrep "User ID: u25" "$TmpDir/pki-user-add-tps-001_33.out"
+ rlAssertNotGrep "Full name: test" "$TmpDir/pki-user-add-tps-001_33.out"
+ rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-user-add-tps-001_33.out"
+ rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tps-001_33.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-034: Add a duplicate user to TPS"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-tps-002.out 2>&1 "
+
+ expmsg="ConflictingOperationException: Entry already exists."
+ rlRun "$command" 255 "Add duplicate user"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-tps-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-036: Add a user -- missing required option user id"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-tps-004.out" \
+ 255 \
+ "Add user -- missing required option user id"
+ rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-tps-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-037: Add a user -- missing required option --fullName"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add $user1 > $TmpDir/pki-user-add-tps-005.out 2>&1"
+ errmsg="Error: Missing required option: fullName"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-038: Add a user -- all options provided"
+ email="tps_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23 > $TmpDir/pki-user-add-tps-006_1.out" \
+ 0 \
+ "Add user u23 to TPS -- all options provided"
+ rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-tps-006_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-039: Add user to multiple groups"
+ user=u24
+ userfullname="Multiple Group User"
+ email="multiplegroup@myemail.com"
+ user_password="admin2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$userfullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ $user > $TmpDir/pki-user-add-tps-006.out " \
+ 0 \
+ "Add user $user using ${prefix}_adminV"
+ rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-tps-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-tps-006.out"
+ rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-tps-006.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-tps-006.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tps-006.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-add-tps-006.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-add Administrators $user > $TmpDir/pki-user-add-tps-007_1.out" \
+ 0 \
+ "Add user $user to Administrators group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-tps-007_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tps-007_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-find Administrators > $TmpDir/pki-user-add-tps-007.out" \
+ 0 \
+ "Show pki group-member-find Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-add \"Data Recovery Manager Agents\" $user > $TmpDir/pki-user-add-tps-007_1_1.out" \
+ 0 \
+ "Add user $user to Data Recovery Manager Agents group"
+
+ rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-tps-007_1_1.out"
+ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tps-007_1_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-find \"Data Recovery Manager Agents\" > $TmpDir/pki-user-add-tps-007_2.out" \
+ 0 \
+ "Show pki group-member-find Data Recovery Manager Agents"
+
+ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tps-007_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-040: Add user with --password less than 8 characters"
+ userpw="pass"
+ expmsg="PKIException: The password must be at least 8 characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-tps-008.out 2>&1" \
+ 255 \
+ "Add a user --must be at least 8 characters --password"
+ rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-tps-008.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using revoked cert#####
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-041: Should not be able to add user using a revoked cert TPS_adminR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tps-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-042: Should not be able to add user using a agent with revoked cert TPS_agentR"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a user having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tps-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using an agent user#####
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-043: Should not be able to add user using a valid agent TPS_agentV user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tps-agentV-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA #####
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-044: Should not be able to add user using a TPS_agentUTCA user"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-agentUTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tps-agentUTCA-002.out"
+ rlPhaseEnd
+
+ ##### Tests to add users using expired cert#####
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-045: Should not be able to add user using admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tps-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tps-adminE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-046: Should not be able to add user using TPS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a agent cert"
+ rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-tps-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tps-agentE-002.out"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add users using officer users#####
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-047: Should not be able to add user using a TPS_officerV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_officerV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_officerV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-officerV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a officer cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tps-officerV-002.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-048: Should not be able to add user using a TPS_operatorV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tps-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-049: Should not be able to add user using a cert created from a untrusted TPS TPS_adminUTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tps-adminUTCA-003.out 2>&1" \
+ 255 \
+ "Should not be able to add user $user1 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tps-adminUTCA-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-050: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-tps-001_50.out 2>&1" \
+ 255 \
+ "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-tps-001_50.out"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tps-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-051: fullname with i18n characters"
+ rlLog "user-add fullname Örjan Äke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-user-add-tps-001_51.out 2>&1" \
+ 0 \
+ "Adding u26 with full name Örjan Äke"
+ rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-user-add-tps-001_51.out"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-add-tps-001_51.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-add-tps-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-052: fullname with i18n characters"
+ rlLog "user-add fullname Éric Têko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' u27 > $TmpDir/pki-user-add-tps-001_52.out 2>&1" \
+ 0 \
+ "Adding u27 with full Éric Têko"
+ rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-user-add-tps-001_52.out"
+ rlAssertGrep "User ID: u27" "$TmpDir/pki-user-add-tps-001_52.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-add-tps-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-053: fullname with i18n characters"
+ rlLog "user-add fullname éénentwintig dvidešimt with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-user-add-tps-001_53.out 2>&1" \
+ 0 \
+ "Adding fullname éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-user-add-tps-001_53.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-tps-001_53.out"
+ rlAssertGrep "User ID: u28" "$TmpDir/pki-user-add-tps-001_53.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u28 > $TmpDir/pki-user-add-tps-001_53_2.out 2>&1" \
+ 0 \
+ "Show user u28 with fullname éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "User \"u28\"" "$TmpDir/pki-user-add-tps-001_53_2.out"
+ rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-tps-001_53_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-054: fullname with i18n characters"
+ rlLog "user-add fullname kakskümmend üks with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-user-add-tps-001_54.out 2>&1" \
+ 0 \
+ "Adding fillname kakskümmend üks with i18n characters"
+ rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-user-add-tps-001_54.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-tps-001_54.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u29 > $TmpDir/pki-user-add-tps-001_54_2.out" \
+ 0 \
+ "Show user u29 with fullname kakskümmend üks in i18n characters"
+ rlAssertGrep "User \"u29\"" "$TmpDir/pki-user-add-tps-001_54_2.out"
+ rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-tps-001_54_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-055: fullname with i18n characters"
+ rlLog "user-add fullname двадцять один тридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-user-add-tps-001_55.out 2>&1" \
+ 0 \
+ "Adding fillname двадцять один тридцять with i18n characters"
+ rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-user-add-tps-001_55.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-tps-001_55.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u30 > $TmpDir/pki-user-add-tps-001_55_2.out" \
+ 0 \
+ "Show user u30 with fullname двадцять один тридцять in i18n characters"
+ rlAssertGrep "User \"u30\"" "$TmpDir/pki-user-add-tps-001_55_2.out"
+ rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-tps-001_55_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-056: user id with i18n characters"
+ rlLog "user-add userid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test 'ÖrjanÄke'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test 'ÖrjanÄke'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-057: userid with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test 'ÉricTêko'"
+ command="pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test 'ÉricTêko'"
+ errmsg="IncorrectUserIdException"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-058: email address with i18n characters"
+ rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tps user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-059: email address with i18n characters"
+ rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32"
+ rlLog "Executing $command"
+ errmsg="IncorrectPasswordException: Incorrect client security database password."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-060: password with i18n characters"
+ rlLog "user-add password šimtaskolmkümmend with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-user-add-tps-001_60.out 2>&1" \
+ 0 \
+ "Adding password šimtaskolmkümmend with i18n characters"
+ rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-user-add-tps-001_60.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u31 > $TmpDir/pki-user-add-tps-001_60_2.out" \
+ 0 \
+ "Show user u31 with password šimtaskolmkümmend in i18n characters"
+ rlAssertGrep "User \"u31\"" "$TmpDir/pki-user-add-tps-001_60_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-061: password with i18n characters"
+ rlLog "user-add password двадцяттридцять with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-user-add-tps-001_61.out 2>&1" \
+ 0 \
+ "Adding password двадцяттридцять with i18n characters"
+ rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-user-add-tps-001_61.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u32 > $TmpDir/pki-user-add-tps-001_61_2.out" \
+ 0 \
+ "Show user u32 with password двадцяттридцять in i18n characters"
+ rlAssertGrep "User \"u32\"" "$TmpDir/pki-user-add-tps-001_61_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-062: type with i18n characters"
+ rlLog "user-add type tjugo-tvåhetvenhét with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-user-add-tps-001_62.out 2>&1" \
+ 0 \
+ "Adding type tjugo-tvåhetvenhét with i18n characters"
+ rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-user-add-tps-001_62.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-tps-001_62.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u33 > $TmpDir/pki-user-add-tps-001_62_2.out" \
+ 0 \
+ "Show user u33 with type tjugo-tvåhetvenhét in i18n characters"
+ rlAssertGrep "User \"u33\"" "$TmpDir/pki-user-add-tps-001_62_2.out"
+ rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-tps-001_62_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-063: type with i18n characters"
+ rlLog "user-add type мiльйонтридцять with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type='мiльйонтридцять' u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-user-add-tps-001_63.out 2>&1" \
+ 0 \
+ "Adding type мiльйонтридцять with i18n characters"
+ rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-user-add-tps-001_63.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-tps-001_63.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u34"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u34 > $TmpDir/pki-user-add-tps-001_63_2.out" \
+ 0 \
+ "Show user u34 with type мiльйонтридцять in i18n characters"
+ rlAssertGrep "User \"u34\"" "$TmpDir/pki-user-add-tps-001_63_2.out"
+ rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-tps-001_63_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-064: state with i18n characters"
+ rlLog "user-add state čå with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state='čå' u35 > $TmpDir/pki-user-add-tps-001_64.out 2>&1" \
+ 0 \
+ "Adding state 'čå' with i18n characters"
+ rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-user-add-tps-001_64.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-tps-001_64.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u35 > $TmpDir/pki-user-add-tps-001_64_2.out" \
+ 0 \
+ "Show user u35 with state čå in i18n characters"
+ rlAssertGrep "User \"u35\"" "$TmpDir/pki-user-add-tps-001_64_2.out"
+ rlAssertGrep "State: čå" "$TmpDir/pki-user-add-tps-001_64_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-065: state with i18n characters"
+ rlLog "user-add state йč with i18n characters"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state='йč' u36 > $TmpDir/pki-user-add-tps-001_65.out 2>&1" \
+ 0 \
+ "Adding state 'йč' with i18n characters"
+ rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-user-add-tps-001_65.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-tps-001_65.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u36 > $TmpDir/pki-user-add-tps-001_65_2.out" \
+ 0 \
+ "Show user u36 with state йč in i18n characters"
+ rlAssertGrep "User \"u36\"" "$TmpDir/pki-user-add-tps-001_65_2.out"
+ rlAssertGrep "State: йč" "$TmpDir/pki-user-add-tps-001_65_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-066: Should not be able to add user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user u39"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-tps-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tps-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-067: Should not be able to add user using Normal user credential"
+ local pki_user="idm1_user_1"
+ local pki_user_fullName="Idm1 User 1"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t tps \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $pki_user \
+ -w $pki_pwd \
+ -t tps \
+ user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authentication method not allowed."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_add-TPS-068: Should not be able to add user using invalid user credential"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t tps \
+ user-add --fullName=test_user u39"
+ command="pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ -t tps \
+ user-add --fullName=test_user u39"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users"
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 37 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del '$usr' > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ actual_delete_user_string=`cat $TmpDir/pki-user-del-tps-user-symbol-00$j.out | grep 'Deleted user' | xargs echo`
+ expected_delete_user_string="Deleted user $usr"
+ if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then
+ rlPass "Deleted user \"$usr\" found in $TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ else
+ rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #Deleting user idm_user_1
+ local pki_user="idm1_user_1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del $pki_user > $TmpDir/pki-user-del-user-tps-2_1.out" \
+ 0 \
+ "Deleted user $pki_user"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-user-del-user-tps-2_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not created."
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-add-tps.sh
new file mode 100755
index 000000000..538f0c400
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-add-tps.sh
@@ -0,0 +1,2402 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-add-tps Add certs to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-add-tps.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-add-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ ##### Create a temporary directory to save output files and initializing host/port variables #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-add-tps-startup: Create temporary directory and initializing host/port variables"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+local cert_info="$TmpDir/cert_info"
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to add certs to TPS users ####
+
+ ##### Add one cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-002: Add one cert to a user should succeed"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user2fullname\" $user2"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_002pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_002pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_002crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_002crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_002crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $user2"
+ rlPhaseEnd
+
+##### Add multiple certs to a user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-add-tps-003: Add multiple certs to a user should succeed"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_tps_user_cert_add_validcert_003pkcs10$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_add_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_003pkcs10$i.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_tps_user_cert_add_validcert_003crmf$i.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_add_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $user1"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_003crmf$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ ##### Add expired cert to a user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-004: Adding expired cert to a user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user2fullname\" $user2"
+ local validityperiod="1 day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_tps_user_cert_add_expiredcert_004pkcs10.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_expiredcert_004pkcs10.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \
+ req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \
+ cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp"
+ cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_004crmf.out > $TmpDir/pki_tps_user_cert_add_expiredcert_004crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_expiredcert_004crmf.pem"
+ errmsg="BadRequestException: Certificate expired"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+
+rlPhaseEnd
+
+#### Add a revoked cert to a user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-005: Add revoked cert to a user should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_005pkcs10.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_tps_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_005pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_005pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_005crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_005crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"$ca_admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_tps_user_cert_add_revokecert_005pkcs10.out"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_005crmf.out"
+
+rlPhaseEnd
+
+ ##### Add one cert to a user - User ID missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-006: Add one cert to a user should fail when USER ID is missing"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_006pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_006crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_006crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add --input $TmpDir/pki_tps_user_cert_add_validcert_006pkcs10.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add --input $TmpDir/pki_tps_user_cert_add_validcert_006crmf.pem"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - --input parameter missing #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New User1\" u1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $user2"
+ errmsg="Error: Missing input file or serial number."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del u1"
+rlPhaseEnd
+
+##### Add one cert to a user - argument for --input parameter missing #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-008: Add one cert to a user should fail when argument for the --input param is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $user2 --input"
+ errmsg="Error: Missing argument for option: input"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Invalid cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-009: Add one cert to a user should fail when the cert is invalid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_009pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \
+ req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_009crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_009crmf.pem"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tps_user_cert_add_validcert_009pkcs10.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_009pkcs10.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+
+ rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tps_user_cert_add_validcert_009crmf.pem"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_009crmf.pem"
+ errmsg="PKIException: Certificate exception"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user"
+rlPhaseEnd
+
+ ##### Add one cert to a user - Input file does not exist #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0010: Add one cert to a user should fail when Input file does not exist "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $user2 --input $TmpDir/tempfile.pem"
+ errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist"
+rlPhaseEnd
+
+ ##### Add one cert to a user - i18n characters in the Subject name of the cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0011pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_0011pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0011crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_0011crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0011crmf.out"
+rlPhaseEnd
+
+##### Add one cert to a user - User type 'Auditors' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0012: Add cert to a user of type 'Auditors'"
+ local userid="Auditor_user"
+ local userFullname="Auditor User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=Auditors $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0012pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0012pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0012crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0012crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0012crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Certificate Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_tps_user_cert-add-tps-0013: Add cert to a user of type 'Certificate Manager Agents'"
+ local userid="Certificate_Manager_Agents"
+ local userFullname="Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0013pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0013pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0013crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0013crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0013crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Registration Manager Agents' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0014: Add cert to a user of type 'Registration Manager Agents'"
+ local userid="Registration_Manager_Agent_user"
+ local userFullname="Registration Manager Agent User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0014pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0014pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0014crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0014crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0014crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Subsystem Group' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'"
+ local userid="Subsystem_group_user"
+ local userFullname="Subsystem Group User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0015pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0015pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0015crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0015crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out 2>&1" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0015crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Security Domain Administrators' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0016: Add cert to a user of type 'Security Domain Administrators'"
+ local userid="Security_Domain_Administrators_user"
+ local userFullname="Security Domain Administrators User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0016pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0016pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0016crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0016crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0016crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'ClonedSubsystems' #####
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'"
+ local userid="ClonedSubsystems_user"
+ local userFullname="ClonedSubsystems User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0017pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0017pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0017crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0017crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0017crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Add one cert to a user - User type 'Trusted Managers' #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0018: Add cert to a user of type 'Trusted Managers'"
+ local userid="Trusted_Managers_user"
+ local userFullname="Trusted Managers User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0018pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0018pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0018crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0018crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0018crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+##### Usability Tests #####
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user #####
+
+rlPhaseStartTest "pki_tps_user_cli_tps_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add Administrators admin_user > $TmpDir/pki-tps-user-add-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-tps-user-add-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0019crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add admin_user --input $TmpDir/pki_tps_user_cert_add_validcert_0019pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add admin_user --input $TmpDir/pki_tps_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019pkcs10.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tps_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tps_user_cert_add_useradd_0019.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tps_user_cert_add_useradd_0019.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tps_user_cert_add_useradd_0019.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tps_user_cert_add_useradd_0019.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add admin_user1 --input $TmpDir/pki_tps_user_cert_add_validcert_0019crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add admin_user1 --input $TmpDir/pki_tps_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0019crmf.out"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tps_user_cert_add_validcert_0019crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tps_user_cert_add_useradd_0019crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tps_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tps_user_cert_add_useradd_0019crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tps_user_cert_add_useradd_0019crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del new_test_user2"
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid agent user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-TPS-0020: Adding a cert as a TPS agent user should fail"
+ local userid="new_user1"
+ local userFullname="New User1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0021pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0021crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0021pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid TPS agent user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0021crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid TPS agent user"
+
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as a valid officer user #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0021: Adding a cert as valid TPS officer user should fail"
+ local userid="new_user2"
+ local userFullname="New User2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0022pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0022crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0022pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a TPS officer user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0022crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as "
+rlPhaseEnd
+
+##### Add one cert to a user - authenticating as an admin user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0022: Adding a cert as TPS_adminE should fail"
+ local userid="new_user3"
+ local userFullname="New User3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0023pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0023crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0023pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0023crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as an admin user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0023: Adding a cert as an admin user with revoked cert should fail"
+ local userid="new_user4"
+ local userFullname="New User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0024pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0024crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0024pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0024crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+##### Adding a cert as an agent user with revoked cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0024: Adding a cert as an agent user with revoked cert should fail"
+ local userid="new_user5"
+ local userFullname="New User5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0025pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0025crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0025pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0025crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+ ##### Adding a cert as an agent user with expired cert #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0025: Adding a cert as agent user with expired cert should fail"
+ local userid="new_user6"
+ local userFullname="New User6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0026pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0026crmf.pem"
+
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0026pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0026crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+rlPhaseEnd
+
+##### Adding a cert as role_user_UTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0026: Adding a cert as role_user_UTCA should fail"
+ local userid="new_user7"
+ local userFullname="New User7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TPS_HOST -p $TPS_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0027pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $TPS_HOST -p $TPS_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0027crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0027pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_adminUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0027crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_adminUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as TPS_agentUTCA #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0027: Adding a cert as TPS_agentUTCA should fail"
+ local userid="new_user9"
+ local userFullname="New User9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0028pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0028crmf.pem"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0028pkcs10.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_agentUTCA"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0028crmf.pem"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user TPS_agentUTCA"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Adding a cert as an TPS_operatorV #####
+
+rlPhaseStartTest "pki_user_cli_user_cert-TPS-add-0028: Adding a cert as TPS_operatorV should fail"
+ local userid="new_user8"
+ local userFullname="New User8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0029pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0029crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0029pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_operatorV"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0029crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TPS_operatorV"
+
+rlPhaseEnd
+
+ ##### Adding a cert as a user not associated with any group#####
+
+rlPhaseStartTest "pki_user_cli_user_cert-TPS-add-0029: Adding a cert as user not associated with an group, should fail"
+ local userid="new_user10"
+ local userFullname="New User10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$userFullname\" $userid"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \
+ organizationalunit: organization: country: archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0030pkcs10.pem"
+
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0030crmf.pem"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0030pkcs10.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --input $TmpDir/pki_tps_user_cert_add_validcert_0030crmf.pem"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+##### Add one cert to a user - switching position of options #####
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0030: Add one cert to a user - switching position of options should succeed"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0031pkcs10.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add --input $TmpDir/pki_tps_user_cert_add_validcert_0031pkcs10.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add --input $TmpDir/pki_tps_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0031crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add --input $TmpDir/pki_tps_user_cert_add_validcert_0031crmf.pem $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add --input $TmpDir/pki_tps_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $user2"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0031crmf.out"
+
+rlPhaseEnd
+
+#### Add a cert to a user using --serial option with hexadecimal value" ####
+rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with --serial option hex"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0032crmf.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add a cert to a user using --serial option with decimal value" ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0032: Add one cert to a user with --serial option decimal"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033pkcs10.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user $userid"
+ rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out"
+ rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_add_useraddcert_0033crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+#### Add one cert to a user with both --serial and --input options ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0033: Add one cert to a user with --serial and --input options should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$username\" $userid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_tps_user_cert_add_validcert_0034pkcs10.pem"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tps_user_cert_add_validcert_0034pkcs10.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tps_user_cert_add_validcert_0034pkcs10.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_tps_user_cert_add_validcert_0034crmf.pem"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tps_user_cert_add_validcert_0034crmf.pem"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tps_user_cert_add_validcert_0034crmf.pem"
+ errmsg="Error: Conflicting options: --input and --serial."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+ rlPhaseEnd
+
+#### --serial option with negative number ####
+
+rlPhaseStartTest "pki_user_cli_tps_user_cert-add-0034: Add one cert to a user with negative serial should fail"
+ local userid="testuser4"
+ local username="Test User4"
+ local dectohex="0x"$(echo "obase=16;-100"|bc)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --serial=-100"
+ errmsg="CertNotFoundException: Certificate ID $dectohex not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+rlPhaseEnd
+
+#### Missing argument for --serial option ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0035: Add one cert to a user with missing argument for --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --serial"
+ errmsg="Error: Missing argument for option: serial"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+rlPhaseEnd
+
+#### --serial option with argument with characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-add-tps-0036: Add one cert to a user with character passed as argument to --serial"
+ local userid="testuser4"
+ local username="Test User4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$username\" $userid"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-add $userid --serial='abc'"
+ errmsg="NumberFormatException: For input string: \"abc\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial "
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $userid"
+rlPhaseEnd
+#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification"
+# local userid="new_adminV"
+# local username="NEW CA Admin User"
+# cat /etc/redhat-release | grep "Fedora"
+# if [ $? -eq 0 ] ; then
+# FLAVOR="Fedora"
+# rlLog "Automation is running against Fedora"
+# else
+# FLAVOR="RHEL"
+# rlLog "Automation is running against RHEL"
+# fi
+# rhcs_install_set_ldap_vars
+# rlRun "mkdir $NEWCA_CLIENT_DIR"
+# rlRun "mkdir $NEWCA_CERTDB_DIR"
+# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME"
+# rlRun "sleep 10"
+# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG
+# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG
+# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG
+# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG
+# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG
+# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG
+# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS"
+# rlRun "sleep 10"
+# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+#
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \
+# 0 \
+# "Add user $userid to Administrators group"
+#
+# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem"
+
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \
+# 0 \
+# "Added cert to user $userid"
+
+# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u""
+# rlRun "sleep 10"
+
+# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR"
+# rlRun "sleep 10"
+# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR"
+# rlRun "sleep 10"
+
+# rlRun "systemctl restart pki-tomcatd@pki-new.service"
+# rlRun "sleep 10"
+# rlRun "systemctl restart pki-tomcatd@pki-master.service"
+# rlRun "sleep 10"
+# rlRun "pki -d $NEWCA_CERTDB_DIR \
+# -n $userid \
+# -c $NEWCA_CERTDB_DIR_PASSWORD \
+# -h $CA_HOST \
+# -t $SUBSYSTEM_TYPE \
+# -p $NEWCA_HTTP_PORT \
+# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA"
+
+# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\""
+# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\""
+
+# rlRun "pkidestroy -s CA -i pki-new"
+# rlRun "sleep 10"
+# rlRun "remove-ds.pl -f -i slapd-pki-newca"
+# rlRun "sleep 10"
+# rlRun "rm -rf $NEWCA_CLIENT_DIR"
+# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171"
+#rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanp "pki_tps_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ j=1
+ while [ $j -lt 11 ] ; do
+ eval usr="new_user$j"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-new-user-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-new-user-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-delete-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-delete-tps.sh
new file mode 100755
index 000000000..2464d6210
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-delete-tps.sh
@@ -0,0 +1,879 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-delete CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-delete-tps Delete the certs assigned to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-delete-tps.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-delete-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ ##### Create temporary directory to save output files#####
+ rlPhaseStartSetup "pki_user_cli_user_cert-del-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+testname="pki_user_cert_del"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Tests to delete certs assigned to TPS users ####
+
+ ##### Delete certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-002-tier1: Delete cert assigned to a user - valid UserID and CertID"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tps_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tps_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_del_002pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_del_002pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_del_002crmf.out" \
+ 0 \
+ "Delete cert assigned to $user1"
+ rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_del_002crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $user1"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-003: pki user-cert-del should fail if an invalid Cert ID is provided"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 4 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tps_user_cert_del_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tps_user_cert_del_validcert_002crmf$i.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_pkcs10_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_crmf_002$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ i=0
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Failed to modify user."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-004: pki user-cert-del should fail if a non-existing User ID is provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: User not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-005: pki user-cert-del should fail is there is a mismatch of User ID and Cert ID"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user2fullname\" $user2"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ResourceNotFoundException: Certificate not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-006-tier1: pki user-cert-del should fail if User ID is not provided"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-007-tier1: pki user-cert-del should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1"
+ rlLog "Executing: $command"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Cert ID is not provided"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-008: Delete certs assigned to a user - as TPS_agentV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-user-cert-del should fail if authenticating using a valid agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid agent cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_officerV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-009: Delete certs assigned to a user - as TPS_officerV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid officer cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid officer cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0010: Delete certs assigned to a user - as TPS_adminE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0011: Delete certs assigned to a user - as TPS_agentE"
+ i=1
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0012: Delete certs assigned to a user - as TPS_adminR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0013: Delete certs assigned to a user - as TPS_agentR should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0014: Delete certs assigned to a user - as role_user_UTCA should fail"
+ i=1
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as TPS_operatorV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-TPS-0015: Delete certs assigned to a user - as TPS_operatorV should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - as a user not assigned to any role #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0016: Delete certs assigned to a user - as a user not assigned to any role should fail"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'"
+ rlLog "Executing: $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Delete certs asigned to a user - switch positions of the required options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0017: Delete certs assigned to a user - switch positions of the required options"
+ i=1
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+
+ command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1"
+ rlLog "Executing: $command"
+ errmsg="Error:"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/969"
+ rlPhaseEnd
+
+ ### Tests to delete certs assigned to TPS users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0019: Delete certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_tps_user_cert_del_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_tps_user_cert_del_validcert_0019crmf.pem"
+
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_pkcs10_0019.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_crmf_0019.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_del_0019pkcs10.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_del_0019pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_del_0019crmf.out" \
+ 0 \
+ "Delete cert assigned to $user2"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_del_0019crmf.out"
+ rlPhaseEnd
+
+ ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-del-tps-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"Admin User\" --password=Secret123 admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add Administrators admin_user > $TmpDir/pki-user-add-tps-group0019.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-tps-group00191.out"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_tps_user_cert_del_validcert_0020pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_tps_user_cert_del_validcert_0020crmf.pem"
+
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add admin_user --input $TmpDir/pki_tps_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_0020pkcs10.out" \
+ 0 \
+ "PKCS10 Cert is added to the user admin_user"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tps_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New Test User1\" new_test_user1"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user-pkcs10 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tps_user_cert_del_useradd_0020.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user"
+ rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tps_user_cert_del_useradd_0020.out"
+ rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tps_user_cert_del_useradd_0020.out"
+ rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tps_user_cert_del_useradd_0020.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_del_0020pkcs10.out" \
+ 0 \
+ "Delete cert assigned to admin_user"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_del_0020pkcs10.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT -t tps user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add admin_user1 --input $TmpDir/pki_tps_user_cert_del_validcert_0020crmf.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add admin_user1 --input $TmpDir/pki_tps_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_tps_user_cert_del_useraddcert_0020crmf.out" \
+ 0 \
+ "CRMF Cert is added to the user admin_user1"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tps_user_cert_del_validcert_0020crmf.pem -t "u,u,u""
+
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New Test User2\" new_test_user2"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n admin-user1-crmf \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tps_user_cert_del_useradd_0020crmf.out 2>&1" \
+ 0 \
+ "Adding a new user as admin_user1"
+ rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tps_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tps_user_cert_del_useradd_0020crmf.out"
+ rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tps_user_cert_del_useradd_0020crmf.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_del_0020crmf.out" \
+ 0 \
+ "Delete cert assigned to admin_user1"
+ rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_del_0020crmf.out"
+
+ command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT -t tps user-add --fullName='New Test User6' new_test_user6"
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del Administrators admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del Administrators admin_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del admin_user"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del admin_user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del new_test_user1"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del new_test_user2"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-find-tps.sh
new file mode 100755
index 000000000..d57e082f3
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-find-tps.sh
@@ -0,0 +1,1125 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-find-tps Finding the certs assigned to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-user-cli-tps-user-cert-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-find-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ #####Create temporary dir to save the output files#####
+ rlPhaseStartSetup "pki_user_cli_user_cert-find-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+cert_info="$TmpDir/cert_info"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME
+ROOTCA_agent_user=${caId}_agentV
+admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+ ##### Find certs assigned to a TPS user - with userid argument - this user has only a single page of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-002: Find the certs of a user in TPS --userid only - single page of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_tps_user_cert_find_validcert_002pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser1[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_tps_user_cert_find_validcert_002crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_find_validcert_002pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_find_validcert_002crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 > $TmpDir/pki_tps_user_cert_find_002.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_user_cert_find_002.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_002.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_002.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_002.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with userid argument - this user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-003: Find the certs of a user in TPS --userid only - multiple pages of certs"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user2fullname\" $user2"
+ while [ $i -lt 12 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_tps_user_cert_find_validcert_003pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfuser2[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_tps_user_cert_find_validcert_003crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_find_validcert_003pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_find_validcert_003crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 > $TmpDir/pki_tps_user_cert_find_003.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ let numcertsuser2=($i*2)
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_user_cert_find_003.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_003.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_003.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_003.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tps_user_cert_find_003.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with userid argument - user id does not exist ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-004: Find the certs of a user in TPS --userid only - user does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find tuser"
+ errmsg="UserNotFoundException: User tuser not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with userid argument - no certs added to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-005: Find the certs of a user in TPS --userid only - no certs added to the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user3fullname\" $user3"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user3"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user3 > $TmpDir/pki_tps_user_cert_find_005.out" \
+ 0 \
+ "Finding certs assigned to $user3"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki_tps_user_cert_find_005.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-006: Find the certs of a user in TPS --size - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --size=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --size=2 > $TmpDir/pki_tps_user_cert_find_006.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_006.out"
+ i=0
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_006.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_006.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_006.out"
+
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_tps_user_cert_find_006.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-007: Find the certs of a user in TPS --size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --size=0 > $TmpDir/pki_tps_user_cert_find_007.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_007.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tps_user_cert_find_007.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-008: Find the certs of a user in TPS --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user1 --size=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size option having an argument that is greater than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-009: Find the certs of a user in TPS --size - a number greater than number of certs assigned to the user"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --size=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --size=50 > $TmpDir/pki_tps_user_cert_find_009.out" \
+ 0 \
+ "Finding certs assigned to $user1 --size=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_user_cert_find_009.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_009.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_009.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_009.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start option having an argument that is less than the actual number of certs assigned to the user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-010: Find the certs of a user in TPS --start - a number less than the actual number of certs"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $ruser1 --start=2"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=2 > $TmpDir/pki_tps_user_cert_find_0010.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ let newnumcerts=$numcertsuser1-2
+ i=1
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0010.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0010.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0010.out"
+
+ rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_tps_user_cert_find_0010.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-011: Find the certs of a user in TPS --start=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=0 > $TmpDir/pki_tps_user_cert_find_0011.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0011.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0011.out"
+ rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0011.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0, the user has multiple pages of certs ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-012: Find the certs of a user in TPS --start=0 - multiple pages"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=0 > $TmpDir/pki_tps_user_cert_find_0012.out" \
+ 0 \
+ "Finding certs assigned to $user2 --start=0"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0012.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0012.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0012.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tps_user_cert_find_0012.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=-1 ####
+
+rlPhaseStartTest "pki_user_cli_tps_user_cert-find-tps-013: Find the certs of a user in TPS --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user1 --start=-1"
+ errmsg="The value for size shold be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=50 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-014: Find the certs of a user in TPS --start=50"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=50"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=50 > $TmpDir/pki_tps_user_cert_find_0014.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=50"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_0014.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tps_user_cert_find_0014.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0 and size=0 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-015: Find the certs of a user in TPS --start=0 and size=0"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=0 --size=0"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_tps_user_cert_find_0015.out" \
+ 0 \
+ "Finding certs assigned to $user1 --start=0"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_0015.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tps_user_cert_find_0015.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=1 and --start=1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-016: Find the certs of a user in TPS --start=1 --size=1"
+ newuserid=newuser
+ newuserfullname="New User"
+ i=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ while [ $i -lt 2 ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber
+ serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_tps_user_cert_find_validcert_0016pkcs10$i.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber
+ serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_tps_user_cert_find_validcert_0016crmf$i.pem"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $newuserid --input $TmpDir/pki_tps_user_cert_find_validcert_0016pkcs10$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $newuserid --input $TmpDir/pki_tps_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $newuserid --input $TmpDir/pki_tps_user_cert_find_validcert_0016crmf$i.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $newuserid --input $TmpDir/pki_tps_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \
+ 0 \
+ "Cert is added to the user $newuserid"
+ let i=$i+1
+ done
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $newuserid"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $newuserid > $TmpDir/pki_tps_user_cert_find_0016.out" \
+ 0 \
+ "Finding certs assigned to $newuserid"
+ let numcertsuser1=($i*2)
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ i=0
+ while [ $i -lt 2 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0016.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0016.out"
+ rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0016.out"
+
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $newuserid"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=-1 and size=-1 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-017: Find the certs of a user in TPS --start=-1 and size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user1 --start=-1 --size=-1"
+ errmsg="The value for size and start should be greater than or equal to 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=20 and size=20 ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-018: Find the certs of a user in TPS --start --size equal to page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=20 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_tps_user_cert_find_0018.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ i=10
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0018.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0018.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0018.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_tps_user_cert_find_0018.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start=0 and --size has an argument greater that default page size (20 certs) ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-019: Find the certs of a user in TPS --start=0 --size greater than default page size - default page size=20 entries"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=0 --size=20"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_tps_user_cert_find_0019.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ i=0
+ while [ $i -lt 10 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0019.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0019.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0019.out"
+
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tps_user_cert_find_0019.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --size=1 and --start has a value greater than the default page size ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-020: Find the certs of a user in TPS --start - values greater than default page size --size=1"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=22 --size=1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_tps_user_cert_find_0020.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_user_cert_find_0020.out"
+ i=11
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0020.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0020.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_user_cert_find_0020.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0020.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0020.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_tps_user_cert_find_0020.out"
+rlPhaseEnd
+
+##### Find certs assigned to a TPS user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-021: Find the certs of a user in TPS --start - values greater than default page size --size - value greater than the available number of certs from the start value"
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=22 --size=10"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_tps_user_cert_find_0021.out" \
+ 0 \
+ "Finding certs assigned to $user2"
+ rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ i=11
+ while [ $i -lt 12 ] ; do
+ rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0021.out"
+
+ rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0021.out"
+ rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0021.out"
+
+ let i=$i+1
+ done
+rlPhaseEnd
+
+##### Tests to find certs assigned to TPS users - i18n characters ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-022: Find certs assigned to user - Subject Name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_tps_user_cert_find_validcert_0022pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_tps_user_cert_find_validcert_0022crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ let numcertsuser1=$numcertsuser1+2
+ rlLog "Executing: pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-find $user1 > $TmpDir/pki_tps_user_cert_find_0022.out" \
+ 0 \
+ "Finding certs assigned to $user1"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0022.out"
+
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tps_user_cert_find_0022.out"
+ rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tps_user_cert_find_0022.out"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a valid agent user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-023: Find the certs of a user as TPS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a valid officer user ####
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-024: Find the certs of a user as TPS_officerV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid officer user"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a admin user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-025: Find the certs of a user as TPS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as an admin user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-026: Find the certs of a user as TPS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as an agent user with revoked cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-027: Find the certs of a user as TPS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as an agent user with expired cert ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-028: Find the certs of a user as TPS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a user whose TPS cert has not been trusted ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-029: Find the certs of a user as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a valid operator user ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-030: Find the certs of a user as operatorV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - authenticating as a user not associated with any role ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-031: Find the certs of a user as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find $user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - userid is missing ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-032: Find the certs of a user - userid missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#### Find certs assigned to a TPS user - user id missing with --start and --size options ###
+
+rlPhaseStartTest "pki_user_cli_user_cert-find-tps-033: Find the certs of a user - userid missing with --start and --size options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-find --start=1 --size=1"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID"
+rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting role users"
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-show-tps.sh
new file mode 100755
index 000000000..b5baf9d85
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-show-tps.sh
@@ -0,0 +1,1116 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cert-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-cert-show-tps Show the certs assigned to users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-show-tps.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+
+run_pki-user-cli-user-cert-show-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ ##### Create temporary directory to save output files #####
+ rlPhaseStartSetup "pki_user_cli_user_cert-show-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME)
+user1=testuser1
+user2=testuser2
+user1fullname="Test user1"
+user2fullname="Test user2"
+user3=testuser3
+user3fullname="Test user3"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local exp="$TmpDir/expfile.out"
+local cert_info="$TmpDir/cert_info"
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+
+ ##### Tests to find certs assigned to TPS users ####
+
+ ##### Show certs asigned to a user - valid Cert ID and User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-002: Show certs assigned to a user - valid UserID and CertID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user2fullname\" $user2"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_tps_user_cert_show_validcert_002pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_002crmf.out > $TmpDir/pki_tps_user_cert_show_validcert_002crmf.pem"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_show_validcert_002pkcs10.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_002.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_002.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/pki_tps_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_002crmf.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out" \
+ 0 \
+ "Show cert assigned to $user2"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_002crmf.out"
+
+ rlPhaseEnd
+ ##### Show certs asigned to a user - invalid Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-003: pki user-cert-show should fail if an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - non-existing User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-004: pki user-cert-show should fail if a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="UserNotFoundException: User testuser4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - User ID and Cert ID mismatch #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-005: pki user-cert-show should fail is there is a mismatch of User ID and Cert ID"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user1"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-006-tier1: pki user-cert-show should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-007-tier1: pki user-cert-show should fail if Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"New User1\" u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show u16"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del u16"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out"
+
+ rlLog "$(cat $TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded option"
+
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out"
+
+ rlLog "$(cat $TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-009: pki user-cert-show with --encoded option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --encoded option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 --encoded"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --output <file> option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --output option"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out"
+ rlRun "openssl x509 -in $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0011crmf.out"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0013: pki user-cert-show with --output option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 --output $TmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Directory does not exist #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0014: pki user-cert-show with --output option should fail if directory does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out"
+ errmsg="FileNotFoundException: /tmp/tmpDir/pki_tps_user_cert_show_usercertshow_crmf_output.out (No such file or directory)"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --output option - Missing argument for --output option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0015: pki user-cert-show with --output option should fail if argument for --option is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output"
+ errmsg="Error: Missing argument for option: output"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing"
+
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty option #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016pkcs10.out"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty option"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0016crmf.out"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no User ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0017: pki user-cert-show with --pretty option should fail if User ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user with --pretty option - no Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 --pretty"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/967"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --pretty, --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file"
+ newuserid=newuser
+ newuserfullname="New User"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$newuserfullname\" $newuserid"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_tps_user_cert_show_validcert_0019pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_tps_user_cert_show_validcert_0019crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new"
+
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_pkcs10_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_pkcs10_output0019 > $TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0019"
+ rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_crmf_output0019"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tps_user_cert_show_crmf_output0019 > $TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --pretty --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Validity" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Extensions" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "Signature" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0019crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0019"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0019"
+ rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $newuserid"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_agentV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0020: Show certs assigned to a user - as TPS_agentV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_officerV #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0021: Show certs assigned to a user - as TPS_officerV should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid officer cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid officer cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_adminE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0022: Show certs assigned to a user - as TPS_adminE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_agentE #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0023: Show certs assigned to a user - as TPS_agentE should fail"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_adminR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0024: Show certs assigned to a user - as TPS_adminR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS_agentR #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0025: Show certs assigned to a user - as TPS_agentR should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as role_user_UTCA #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0026: Show certs assigned to a user - as role_user_UTCA should fail"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as TPS operator user #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0027: Show certs assigned to a user - as TPS operator user should fail"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - --encoded and --output options #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_pkcs10_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_pkcs10_output0028 > $TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028pkcs10.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_pkcs10_output0028"
+ rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_crmf_output0028"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tps_user_cert_show_crmf_output0028 > $TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out" \
+ 0 \
+ "Show cert assigned to $user2 with --encoded and --output options"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tps_user_cert_show_usershowcert_0028crmf.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0028"
+ rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tps_user_cert_show_crmf_output0028"
+ rlRun "openssl x509 -in $TmpDir/tps_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output"
+ openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2)
+ dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc)
+ if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then
+
+ rlPass "Serial number matches"
+ else
+ rlFail "Serial number does not match"
+ fi
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - as a user not associated with any role#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0029: Show certs assigned to a user - as a user not associated with any role, should fail"
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+
+ command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - switch position of the required options#####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0030: Show certs assigned to a user - switch position of the required options"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2"
+ errmsg="User Not Found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/968"
+ rlPhaseEnd
+
+ ##### Show certs asigned to a user - incomplete Cert ID #####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-0031: pki user-cert-show should fail if an incomplete Cert ID is provided"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'"
+ errmsg="ResourceNotFoundException: No certificates found for $user2"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided"
+ rlPhaseEnd
+
+ ### Tests to show certs assigned to TPS users - i18n characters ####
+
+ rlPhaseStartTest "pki_user_cli_user_cert-show-tps-032: Show certs assigned to user - Subject name has i18n Characters"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_tps_user_cert_show_validcert_0032pkcs10.pem"
+
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \
+ algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2)
+ local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^}
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tps_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_tps_user_cert_show_validcert_0032crmf.pem"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_0032.out"
+
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add $user1 --input $TmpDir/pki_tps_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_tps_user_cert_show_useraddcert_crmf_0032.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ rlLog "Executing pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out" \
+ 0 \
+ "Show cert assigned to $user1"
+ rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Version: 2" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out"
+ rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tps_user_cert_show_usershowcert_crmf_0032.out"
+
+ rlPhaseEnd
+
+ #===Deleting users===#
+rlPhaseStartCleanup "pki_tps_user_cli_user_cleanup: Deleting role users"
+ j=1
+ while [ $j -lt 3 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlLog "TPS instance not created"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-del-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-del-tps.sh
new file mode 100755
index 000000000..682cc551a
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-del-tps.sh
@@ -0,0 +1,728 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-del Delete pki subsystem TPS users.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-del.sh
+########################################################################
+
+run_pki-user-cli-user-del-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_user_cli_user_del-TPS-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-tps-configtest-001: pki user-del --help configuration test"
+ rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-tps-configtest-002: pki user-del configuration test"
+ rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-003: Delete valid users"
+ user1=ca_agent2
+ user1fullname="Test ca_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ #positive test cases
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user1-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user1-00$i.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u$i"
+ errmsg="UserNotFoundException: User u$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let i=$i+1
+ done
+ #Add users to CA using ${prefix}_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval usr=\$user$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user $usr"
+ let i=$i+1
+ done
+
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user2-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user2-00$j.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show $usr"
+ errmsg="UserNotFoundException: User $usr not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-004: Case sensitive userid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user user_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del USER_ABC > $TmpDir/pki-user-del-tps-user-002_1.out" \
+ 0 \
+ "Deleted user USER_ABC userid is not case sensitive"
+ rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-tps-user-002_1.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show user_abc"
+ errmsg="UserNotFoundException: User user_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-005: Delete user when required option user id is missing"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del > $TmpDir/pki-user-del-tps-user-003_1.out 2>&1" \
+ 255 \
+ "Cannot delete a user without userid"
+ rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-tps-user-003_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-006: Maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-tps-001_1.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum user id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del \"$user2\" > $TmpDir/pki-user-del-tps-user-006.out" \
+ 0 \
+ "Deleting user with maximum user id length using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-tps-user-006.out | grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user \"$user2\" found"
+ else
+ rlFail "Deleted user \"$user2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show \"$user2\""
+ errmsg="UserNotFoundException: User \"$user2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-007: userid with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ userid=$userid$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test '$userid' > $TmpDir/pki-user-add-tps-001_8.out" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum userid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del '$userid' > $TmpDir/pki-user-del-tps-user-007.out" \
+ 0 \
+ "Deleting user with maximum user id length and character symbols using ${prefix}_adminV"
+ actual_userid_string=`cat $TmpDir/pki-user-del-tps-user-007.out| grep 'Deleted user' | xargs echo`
+ expected_userid_string="Deleted user $userid"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "Deleted user $userid found"
+ else
+ rlFail "Deleted user $userid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show '$userid' > $TmpDir/pki-user-del-tps-user-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted user with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-user-del-tps-user-007_2.out| grep 'UserNotFoundException:' | xargs echo`
+ expected_error_string="UserNotFoundException: User $userid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "UserNotFoundException: User $userid not found message found"
+ else
+ rlFail "UserNotFoundException: User $userid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-008: delete user that has all attributes and a certificate"
+ user1="testuser1"
+ user1fullname="Test tps_agent"
+ email="tps_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ pem_file="$TmpDir/testuser1.pem"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ $user1 > $TmpDir/pki-user-add-tps-008.out" \
+ 0 \
+ "Add user $user1 to TPS -- all options provided"
+ #Add certificate to the user
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \
+ \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output"
+ rlLog "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-cert-add $user1 --input $pem_file"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \
+ 0 \
+ "Cert is added to the user $user1"
+ #Add user to Administrator's group
+ gid="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tps-008.out" \
+ 0 \
+ "Adding user $user1 to group \"$gid\""
+ #Delete user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del $user1 > $TmpDir/pki-user-del-tps-user-008.out" \
+ 0 \
+ "Deleting user $user1 with all attributes and a certificate"
+ rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-tps-user-008.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show $user1"
+ errmsg="UserNotFoundException: User $user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-009: Delete user from CA with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-tps-009.out" \
+ 0 \
+ "Add user u22 to CA"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u22 > $TmpDir/pki-user-del-tps-user-009.out" \
+ 0 \
+ "Deleting user u22 using -t tps option"
+ rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-tps-user-009.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u22"
+ errmsg="UserNotFoundException: User u22 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-010: Should not be able to delete user using a revoked cert TPS_adminR"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-tps-010.out" \
+ 0 \
+ "Add user u23 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u23 > $TmpDir/pki-user-show-tps-001.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tps-001.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tps-001.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-tps-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-011: Should not be able to delete user using a agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u23"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u23 > $TmpDir/pki-user-show-tps-002.out" \
+ 0 \
+ "Show user u23"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tps-002.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tps-002.out"
+ rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-tps-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+
+ #Cleanup:delete user u23
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u23 > $TmpDir/pki-user-del-tps-002_2.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-012: Should not be able to delete user using a valid agent TPS_agentV user"
+ #Add a user
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-user-add-tps-012.out" \
+ 0 \
+ "Add user u24 to CA"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-003.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-003.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-003.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-013: Should not be able to delete user using a admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-004.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-004.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-004.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-014: Should not be able to delete a user using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24"
+ errmsg="ClientResponseFailure: Error status 401 Unauthorized returned"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-005.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-005.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-005.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-015: Should not be able to delete user using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a officer cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-006.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-006.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-006.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-016: Should not be able to delete user using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-007.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-007.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-007.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n role_user_UTCA \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u24"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-008.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-008.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-008.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-018: Should not be able to delete user using a user cert"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ #Create a user cert
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-del u24" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ cat $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-tps-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-tps-pkiUser1-002.out"
+ #Make sure user is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-009.out" \
+ 0 \
+ "Show user u24"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-009.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-009.out"
+ rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tps-009.out"
+
+ #Cleanup:delete user u24
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u24 > $TmpDir/pki-user-del-tps-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-019: delete user name with i18n characters"
+ rlLog "user-add username ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-user-add-tps-001_19.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tps-001_19.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tps-001_19.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u19 > $TmpDir/pki-user-del-tps-001_19_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÖrjanÄke i18n characters"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-tps-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u19"
+ errmsg="UserNotFoundException: User u19 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_del-TPS-020: delete username with i18n characters"
+ rlLog "user-add username ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-user-add-tps-001_20.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-tps-001_20.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-tps-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u20 > $TmpDir/pki-user-del-tps-001_20_3.out 2>&1" \
+ 0 \
+ "Delete user with name ÉricTêko i18n characters"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tps-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u20"
+ errmsg="UserNotFoundException: User u20 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_del-tps_cleanup: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-find-tps.sh
new file mode 100755
index 000000000..f440a864e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-find-tps.sh
@@ -0,0 +1,804 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-find To list users in TPS.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Laxmi Sunkara <lsunkara@redhat.com>
+# Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-find.sh
+########################################################################
+
+run_pki-user-cli-user-find-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ # Creating Temporary Directory
+ rlPhaseStartSetup "pki user-find-tps Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tps_instance_created" = "TRUE" ] ; then
+ user1=tps_agent2
+ user1fullname="Test tps_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+
+ rlPhaseStartSetup "pki_user_cli_user_find-tps-startup-addusers: Add users"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user u$i"
+ let i=$i+1
+ done
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user $usr"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-configtest-001: pki user-find --help configuration test"
+ rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help"
+ rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-configtest-002: pki user-find configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find"
+ rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-003: Find 5 users, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=5 > $TmpDir/pki-user-find-tps-001.out 2>&1" \
+ 0 \
+ "Found 5 users"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-find-tps-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-004: Find non user, --size=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=0 > $TmpDir/pki-user-find-tps-002.out 2>&1" \
+ 0 \
+ "Found no users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tps-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-005: Find all users, large value as input"
+ large_num=1000000
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$large_num > $TmpDir/pki-user-find-tps-003.out 2>&1" \
+ 0 \
+ "Find all users, large value as input"
+ result=`cat $TmpDir/pki-user-find-tps-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-006: Find all users, --size with maximum possible value as input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-tps-003_2.out 2>&1" \
+ 0 \
+ "Find all users, maximum possible value as input"
+ result=`cat $TmpDir/pki-user-find-tps-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-007: Find all users, --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check > $TmpDir/pki-user-find-tps-003_3.out 2>&1" \
+ 255 \
+ "More than maximum possible value as input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-tps-003_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-008: Find users, check for negative input --size=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=-1 > $TmpDir/pki-user-find-tps-004.out 2>&1" \
+ 0 \
+ "No users returned as the size entered is negative value"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tps-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-009: Find users for size input as noninteger, --size=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$size_noninteger > $TmpDir/pki-user-find-tps-005.out 2>&1" \
+ 255 \
+ "No users returned"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-tps-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-010: Find users, check for no input --size="
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size= > $TmpDir/pki-user-find-tps-006.out 2>&1" \
+ 255 \
+ "No users returned, as --size= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-tps-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-011: Find users, --start=10"
+ #Find the 10th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find > $TmpDir/pki-user-find-tps-007_1.out 2>&1" \
+ 0 \
+ "Get all users in TPS"
+ user_entry_10=`cat $TmpDir/pki-user-find-tps-007_1.out | grep "User ID" | head -11 | tail -1`
+ rlLog "10th entry=$user_entry_10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=10 > $TmpDir/pki-user-find-tps-007.out 2>&1" \
+ 0 \
+ "Displays users from the 10th user and the next to the maximum 20 users, if available "
+ #First user in the response should be the 10th user $user_entry_10
+ user_entry_1=`cat $TmpDir/pki-user-find-tps-007.out | grep "User ID" | head -1`
+ rlLog "1th entry=$user_entry_1"
+ if [ "$user_entry_1" = "$user_entry_10" ]; then
+ rlPass "Displays users from the 10th user"
+ else
+ rlFail "Display did not start from the 10th user"
+ fi
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-tps-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-012: Find users, --start=10000, large possible input"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=10000 > $TmpDir/pki-user-find-tps-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tps-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-013: Find users, --start with maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:9}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-tps-008_2.out 2>&1" \
+ 0 \
+ "Find users, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tps-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-014: Find users, --start with more than maximum possible input"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=$maximum_check > $TmpDir/pki-user-find-tps-008_3.out 2>&1" \
+ 255 \
+ "Find users, --start with more than maximum possible input"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-tps-008_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-015: Find users, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=0 > $TmpDir/pki-user-find-tps-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-tps-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-016: Find users, --start=-1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=-1 > $TmpDir/pki-user-find-tps-0010.out 2>&1" \
+ 0 \
+ "Maximum possible 20 users are returned, starting from the zeroth user"
+ rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-user-find-tps-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-017: Find users for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=$size_noninteger > $TmpDir/pki-user-find-tps-0011.out 2>&1" \
+ 255 \
+ "Incorrect input to find user"
+ rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-tps-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-018: Find users, check for no input --start= "
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start= > $TmpDir/pki-user-find-tps-0012.out 2>&1" \
+ 255 \
+ "No users returned, as --start= "
+ rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-tps-0012.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-019: Find users, --size=12 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find > $TmpDir/pki-user-find-tps-00_13_1.out 2>&1" \
+ 0 \
+ "Get all users in TPS"
+ user_entry_12=`cat $TmpDir/pki-user-find-tps-00_13_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=12 --size=12 > $TmpDir/pki-user-find-tps-0013.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and the next to the maximum 12 users"
+ #First user in the response should be the 12th user $user_entry_12
+ user_entry_1=`cat $TmpDir/pki-user-find-tps-0013.out | grep "User ID" | head -1`
+ if [ "$user_entry_1" = "$user_entry_12" ]; then
+ rlPass "Displays users from the 12th user"
+ else
+ rlFail "Display did not start from the 12th user"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-find-tps-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-020: Find users, --size=0 --start=12"
+ #Find 12 users starting from 12th user
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find > $TmpDir/pki-user-find-tps-00_14_1.out 2>&1" \
+ 0 \
+ "Get all users in TPS"
+ user_entry_12=`cat $TmpDir/pki-user-find-tps-00_14_1.out | grep "User ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=12 --size=0 > $TmpDir/pki-user-find-tps-0014.out 2>&1" \
+ 0 \
+ "Displays users from the 12th user and 0 users"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tps-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-021: Should not be able to find user using a revoked cert TPS_adminR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-revoke-adminR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a revoked admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-revoke-adminR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-022: Should not be able to find users using an agent with revoked cert TPS_agentR"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-revoke-agentR-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent having revoked cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-revoke-agentR-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-023: Should not be able to find users using a valid agent TPS_agentV user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-agentV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a agent cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tps-agentV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-024: Should not be able to find users using orher subsystem role user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${caId}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-caadminV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using other subsystem (CA) admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-caadminV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-025: Should not be able to find users using admin user with expired cert TPS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-adminE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired admin cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-adminE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-tps-adminE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-026: Should not be able to find users using TPS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_agentE \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-agentE-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using an expired agent cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-agentE-002.out"
+ rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-tps-agentE-002.out"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-027: Should not be able to find users using a TPS_officerV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_officerV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_officerV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-officerV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a officer cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tps-officerV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-028: Should not be able to find users using a TPS_operatorV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_operatorV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-operatorV-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a operator cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tps-operatorV-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -t tps \
+ user-find --start=1 --size=5 > $TmpDir/pki-user-find-tps-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to find users using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-030: Should not be able to find user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -c Password \
+ -t tps \
+ user-find --start=1 --size=5"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password -t tps user-find --start=1 --size=5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-tps-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tps-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-031: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-user-find-tps-001_31.out 2>&1" \
+ 0 \
+ "Adding fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-tps-001_31_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tps-001_31_2.out"
+ rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-tps-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_find-tps-032: find users when user fullname has i18n characters"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:5}
+ rlLog "user-add user fullname ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-tps-001_32.out 2>&1" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-find --size=$maximum_check > $TmpDir/pki-user-show-tps-001_32_2.out" \
+ 0 \
+ "Find user with max size"
+ rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-tps-001_32_2.out"
+ rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-tps-001_32_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users"
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 27 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ usr=$(eval echo \$user${j})
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
+
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh
new file mode 100755
index 000000000..9d76a7636
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh
@@ -0,0 +1,709 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-add Add TPS user membership.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-tps.sh
+######################################################################################
+
+########################################################################
+run_pki-user-cli-user-membership-add-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-add-TPS-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+if [ "$tps_instance_created" = "TRUE" ] ; then
+ #Local variables
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="Administrators"
+ groupid4="TPS Operators"
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-002: pki user-membership configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership"
+ rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-find Find user memberships" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-003: pki user-membership-add --help configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-add --help"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-004: pki user-membership-add configuration test"
+ rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-005: Add users to available groups using valid admin user TPS_adminV"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-tps-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-tps-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-tps-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-tps-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tps-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tps-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tps-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-tps-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tps-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-006: Add a user to all available groups using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-tps-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-tps-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-tps-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-tps-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show userall > $TmpDir/pki-user-membership-add-user-show-tps-userall-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-add-user-show-tps-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-show-tps-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-show-tps-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tps-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tps-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tps-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-tps-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tps-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-tps-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show user1 > $TmpDir/pki-user-membership-add-user-show-tps-user1-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-user-membership-add-user-show-tps-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-show-tps-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-tps-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tps-user1-001.out" \
+ 0 \
+ "Adding user userall to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tps-user1-001.out"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tps user-membership-add user1 \"Administrators\""
+ rlLog "Executing: $command"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-tps-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tps user-membership-add testuser1 \"$dummy_group\""
+ rlLog "Executing: $command"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-009: Should be able to user-membership-add user name with i18n characters"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÖrjanÄke' u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='ÖrjanÄke' u5" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlLog "Adding the user to the Adminstrators group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tps user-membership-add u5 \"Administrators\""
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-tps-009_2.out" \
+ 0 \
+ "Adding user with fullname ÖrjanÄke to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tps-009_2.out"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-tps-009_2.out"
+ rlLog "Check if the user is added to the group"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tps user-membership-find u5"
+ rlLog "Executing: $command"
+ rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-tps-009_3.out" \
+ 0 \
+ "Check user with fullname ÖrjanÄke added to group Administrators"
+ rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-tps-009_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-010: Should be able to user-membership-add user to group id with i18n characters"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-add --fullName='Éric Têko' u6" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tps-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tps-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tps-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tps-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u6 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-tps-010_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tps-010_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tps-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find u6 > $TmpDir/pki-user-membership-add-groupadd-find-tps-010_3.out" \
+ 0 \
+ "Check user ÉricTêko added to group dadministʁasjɔ̃"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-tps-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-011: Should not be able to user-membership-add using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminR -c $CERTDB_DIR_PASSWORD -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-012: Should not be able to user-membership-add using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${TPS_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-013: Should not be able to user-membership-add using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TPS_INST}_adminE -c $CERTDB_DIR_PASSWORD -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-014: Should not be able to user-membership-add using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${TPS_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TPS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-015: Should not be able to user-membership-add using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n ${TPS_INST}_officerV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TPS_officerV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-016: Should not be able to user-membership-add using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${TPS_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TPS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-017: Should not be able to user-membership-add using TPS_admin_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-add testuser1 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-018: User associated with Administrators group only can create a new user"
+ local user2="testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-user-membership-add-user-add-tps-user2-018.out" \
+ 0 \
+ "Adding user $user2"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "$gid"
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding $user2 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user2 \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user2 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tps-$user2-00$i.out" \
+ 0 \
+ "Adding user to all groups except administrators group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tps-$user2-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tps-$user2-00$i.out"
+ fi
+ let i=$i+1
+ done
+ rlLog "Check users group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-find-groupadd-find-tps-$user2-019.out" \
+ 0 \
+ "Find user-membership to groups of $user2"
+ rlAssertGrep "3 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-$user2-019.out"
+ rlAssertGrep "Number of entries returned 3" "$TmpDir/pki-user-membership-find-groupadd-find-tps-$user2-019.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlAssertNotGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-$user2-019.out"
+ rlLog "$user2 is not added to $gid"
+ else
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-$user2-019.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ local requestdn
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \
+ \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $TPS_INST" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${TPS_INST}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user $user2"
+ #Trying to add a user using $user2 should fail since $user2 is not in Administrators group
+ local expfile="$TmpDir/expfile_$user2.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-add --fullName=test_user u39" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-tps-$user2-002.out" 255 "Should not be able to add users using a non Administrator user"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tps-$user2-002.out"
+
+ #Add $user2 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user2 \"$groupid3\" > $TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out" \
+ 0 \
+ "Adding user $user2 to group \"$groupid3\""
+ rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out"
+ rlAssertGrep "Group: $groupid3" "$TmpDir/pki-user-membership-add-groupadd-tps-usertest2-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find $user2 > $TmpDir/pki-user-membership-add-groupadd-find-tps-usertest1-019_3.out" \
+ 0 \
+ "Check user-membership to group \"$groupid4\""
+ rlAssertGrep "Group: $groupid3" "$TmpDir/pki-user-membership-add-groupadd-find-tps-usertest1-019_3.out"
+
+ #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n $user2 \
+ -c $TEMP_NSS_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test_user u19 > $TmpDir/pki-user-add-tps-019_4.out" \
+ 0 \
+ "Added new user using Admin user $user2"
+ rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tps-019_4.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tps-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tps-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-add-TPS-019: Should not be able to add user-membership to user that does not exist"
+ user="testuser4"
+ command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -t tps user-membership-add $user \"$groupid5\""
+ rlLog "Executing: $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-add-tps-cleanup-001: Deleting the temp directory and users"
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del userall > $TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del user1 > $TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u19 > $TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-u19-001.out" \
+ 0 \
+ "Deleting user u19"
+ rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-tps-user-membership-add-user-del-tps-u19-001.out"
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 3 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del testuser$i > $TmpDir/pki-user-membership-add-tps-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-tps-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${TPS_INST}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-del-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-del-tps.sh
new file mode 100755
index 000000000..92accc557
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-del-tps.sh
@@ -0,0 +1,829 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-membership-del TPS CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-tps.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-del-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-del-TPS-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Available groups tps-group-find
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="Administrators"
+ groupid4="TPS Operators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-002: pki user-membership-del --help configuration test"
+ rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-del --help"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-003: pki user-membership-del configuration test"
+ rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-004: Delete user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-tps-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-tps-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u$i > $TmpDir/pki-user-membership-add-user-show-tps-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-tps-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tps-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tps-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tps-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-tps-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tps-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-tps-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-005: Delete user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-tps-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-tps-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-tps-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-tps-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tps-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tps-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tps-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-tps-userall-00$i.out" \
+ 0 \
+ "Check user membership with group \"$gid\""
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tps-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-tps-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-tps-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-006: Missing required option <Group id> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-tps-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tps-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tps-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-tps-user1-001.out 2>&1" \
+ 255 \
+ "Cannot delete user from group, Missing required option <Group id>"
+ rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-tps-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-007: Missing required option <User ID> while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-user-membership-add-user-add-tps-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-user-membership-add-user-add-tps-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add user2 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tps-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tps-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-tps-user1-001.out 2>&1" \
+ 255 \
+ "cannot delete user from group, Missing required option <user id>"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-tps-user1-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-008: Should not be able to user-membership-del using a revoked cert TPS_adminR"
+ command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-009: Should not be able to user-membership-del using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-010: Should not be able to user-membership-del using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert TPS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-011: Should not be able to user-membership-del using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-012: Should not be able to user-membership-del using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TPS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-013: Should not be able to user-membership-del using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TPS_officerV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-014: Should not be able to user-membership-del using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TPS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-015: Should not be able to user-membership-del using TPS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user2 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-016: Delete user-membership for user fullname with i18n characters"
+ user6="u6"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' $user6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' $user6" \
+ 0 \
+ "Adding user fullname ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tps-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tps-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tps-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tps-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user6 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user6 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-tps-017_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-tps-017_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-tps-017_2.out"
+ rlLog "Delete user-membership from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del $user6 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-tps-017_3.out" \
+ 0 \
+ "Delete user-membership from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-tps-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find $user6 > $TmpDir/pki-user-membership-find-groupadd-find-tps-017_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-017: Delete user-membership for user fullname with i18n characters"
+ user7="u7"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÖrjanÄke' $user7 > $TmpDir/pki-user-add-tps-018.out 2>&1" \
+ 0 \
+ "Adding user full name ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-tps-018.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-tps-018.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user7 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user7 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-tps-018_2.out" \
+ 0 \
+ "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-tps-018_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-tps-018_2.out"
+ rlLog "Delete user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del $user7 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-tps-018_3.out" \
+ 0 \
+ "Delete user-membership from the group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-tps-018_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find $user7 > $TmpDir/pki-user-membership-del-groupadd-del-tps-018_4.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-tps-018_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-018: Delete user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-tps-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-tps-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-tps-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-tps-019.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-del user123 \"Administrators\""
+ rlLog "Executing $command"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-user-membership-del-user-del-tps-020.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-membership-del-user-del-tps-020.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-membership-del-user-del-tps-020.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-user-membership-del-user-del-tps-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u12 \"$groupid3\" > $TmpDir/pki-user-membership-add-groupadd-tps-20_2.out" \
+ 0 \
+ "Adding user u12 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"$groupid3\"" "$TmpDir/pki-user-membership-add-groupadd-tps-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u12 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-tps-20_3.out" \
+ 0 \
+ "Adding user u12 to group \"$groupid1\""
+ rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-tps-20_3.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-find Administrators > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_5.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertGrep "User: u12" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_5.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u12 > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_6.out" \
+ 0 \
+ "Delete user u12"
+ rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-find $groupid3 > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_7.out" \
+ 0 \
+ "List members of $groupid3 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_7.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-member-find \"$groupid1\" > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_8.out" \
+ 0 \
+ "List members of $groupid1 group"
+ rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-20_8.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_user_cli_user_membership-del-TPS-020: User deleted from Administrators group cannot create a new user"
+ user5="u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-tps-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tps-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tps-21_2.out"
+
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWORD="Password"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local requestdn
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \
+ \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem"
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n \"${prefix}_adminV\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ local expfile="$TmpDir/expfile_testuser1.out"
+ echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-add --fullName=test_user $user5" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-tps-021_4.out" 0 "Should be able to add users using Administrator user testuser1"
+ rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tps-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-tps-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-tps-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-add --fullName=test_user u212"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-del-tps-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del userall > $TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del user1 > $TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del user2 > $TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tps-user-membership-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del user123 > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del testuser1 > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-testuser1.out"
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh
new file mode 100755
index 000000000..62209e36d
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh
@@ -0,0 +1,762 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-cli-user-membership-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-membership-find Find TPS user memberships.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-find-tps.sh
+######################################################################################
+
+run_pki-user-cli-user-membership-find-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_user_cli_user_membership-find-TPS-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ #Local variables
+ #Available groups tps-group-find
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="Administrators"
+ groupid4="TPS Operators"
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-002: pki user-membership-find --help configuration test"
+ rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \
+ 0 \
+ "pki user-membership-find --help"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-003: pki user-membership-find configuration test"
+ rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki user-membership-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-004: Find user-membership when user is added to different groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-find-user-find-tps-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-find-user-find-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-find-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-find-tps-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u$i > $TmpDir/pki-user-membership-find-user-show-tps-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-find-user-show-tps-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-show-tps-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-show-tps-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add u$i \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-tps-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-tps-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-tps-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-tps-00$i.out" \
+ 0 \
+ "Find user-membership with group \"$gid\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-00$i.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tps-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-005: Find user-membership when user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-tps-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-tps-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-tps-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-tps-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show userall > $TmpDir/pki-user-membership-find-user-show-tps-userall-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-find-user-show-tps-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-show-tps-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-show-tps-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add userall \"$gid\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-tps-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-tps-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-tps-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-tps-userall-00$i.out" \
+ 0 \
+ "Find user-membership to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-userall-00$i.out"
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-userall-00$i.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-tps-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-006: Find user-membership of a user from the 3rd position (start=2)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=2 > $TmpDir/pki-user-membership-find-groupadd-find-tps-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-001.out"
+ rlAssertGrep "Group: $groupid3" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-001.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-001.out"
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-007: Find all user-memberships of a user (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-tps-start-002.out" \
+ 0 \
+ "Checking user-mambership to group "
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-002.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-008: Find user-memberships when page start is negative (start=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-tps-start-003.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-003.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-003.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-009: Find user-memberships when page start greater than available number of groups (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-tps-start-004.out" \
+ 0 \
+ "Checking user-membership to group"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tps-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-010: Should not be able to find user-membership when page start is non integer"
+ command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t tps user-membership-find userall --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-011: Find user-memberships when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-tps-size-006.out" 0 \
+ "user_membership-find with size parameter as 0"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-012: Find user-memberships when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-tps-size-007.out" 0 \
+ "user_membership-find with size parameter as 1"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-007.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-013: Find user-memberships when page size is max 4 (size=4)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=4 > $TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out" 0 \
+ "user_membership-find with size paramete is max"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out"
+ rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out"
+ rlAssertGrep "Group: $groupid2" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out"
+ rlAssertGrep "Group: $groupid3" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out"
+ rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out"
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-014: Find user-memberships when page size is 5 (size=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=5 > $TmpDir/pki-user-membership-find-groupadd-find-tps-size-009.out" 0 \
+ "user_membership-find with size parameter as 5"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-009.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-015: Find user-memberships when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-tps-size-0010.out" 0 \
+ "user_membership-find with size parameter as 100"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-0010.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 4" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-016: Find user-memberships when page size is negative (size=-1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-tps-size-0011.out" 0 \
+ "user_membership-find with size parameter as -1"
+ rlAssertGrep "4 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-0011.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tps-size-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-017: Should not be able to find user-membership when page size is non integer"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-018: Find user-membership with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=6 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=2 --size=5 > $TmpDir/pki-user-membership-find-tps-019.out" \
+ 0 \
+ "Find user-membership with page start and page size option"
+ rlAssertGrep "2 entries matched" "$TmpDir/pki-user-membership-find-tps-019.out"
+ i=3
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-tps-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-tps-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-019: Find user-membership with --size more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-tps-020.out 2>&1" \
+ 255 \
+ "Find user-membership with --size more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-tps-020.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-020: Find user-membership with --start more than maximum possible value"
+ maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM)
+ maximum_check=${maximum_check:1:12}
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-tps-021.out 2>&1" \
+ 255 \
+ "Find user-membership with --start more than maximum possible value"
+ rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-tps-021.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-021: Should not be able to user-membership-find using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-022: Should not be able to user-membership-find using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-023: Should not be able to user-membership-find using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent TPS_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-024: Should not be able to user-membership-find using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin TPS_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-025: Should not be able to user-membership-find using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ProcessingException: Unable to invoke request"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent TPS_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-026: Should not be able to user-membership-find using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid officer TPS_officerV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-027: Should not be able to user-membership-find using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator TPS_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-028: Should not be able to user-membership-find using TPS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD -t tps user-membership-find userall --start=0 --size=5"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-029:Find user-membership for user fullname with i18n characters"
+ user9="u9"
+ rlLog "user-add user fullname Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' $user9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='Éric Têko' $user9" \
+ 0 \
+ "Adding uid ÉricTêko with i18n characters"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tps-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tps-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tps-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tps-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user9 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user9 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-tps-031_2.out" \
+ 0 \
+ "Adding user ÉricTêko to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-tps-031_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-tps-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find $user9 > $TmpDir/pki-user-membership-find-groupadd-find-tps-031_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-031_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-tps-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-030: Find user-membership for user fullname with i18n characters"
+ user6="u6"
+ rlLog "user-add user fullname ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÖrjanÄke' $user6 > $TmpDir/pki-user-add-tps-032.out 2>&1" \
+ 0 \
+ "Adding user fullname ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-tps-032.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-tps-032.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user6 \"dadministʁasjɔ̃\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-add $user6 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-tps-032_2.out" \
+ 0 \
+ "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-tps-032_2.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-tps-032_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-membership-find $user6 > $TmpDir/pki-user-membership-find-groupadd-find-tps-032_3.out" \
+ 0 \
+ "Find user-membership with group \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tps-032_3.out"
+ rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-tps-032_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_membership-find-TPS-031: Find user-membership when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-tps-033.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-tps-033.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-tps-033.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-tps-033.out"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tps user-membership-find user123 --start=6 --size=5"
+ rlLog "Executing $command"
+ rlRun "$command > $TmpDir/pki-user-membership-find-user-find-tps-033_2.out" 0 "Find user-membership when uid is not associated with a group"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-tps-033_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_membership-find-tps-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del userall > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-userall.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del user123 > $TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tps-user-membership-find-user-del-tps-user123.out"
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-mod-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-mod-tps.sh
new file mode 100755
index 000000000..e805c823b
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-mod-tps.sh
@@ -0,0 +1,1156 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-mod Modify existing users in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath <rpattath@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-mod-tps.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-user-cli-user-mod-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_user_cli_user_mod_tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ TPS_HOST=$(eval echo \$${MYROLE})
+ TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ user1=tps_user
+ user1fullname="Test tps user"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ user1_mod_fullname="Test tps user modified"
+ user1_mod_email="testtpsuser@myemail.com"
+ user1_mod_passwd="Secret1234"
+ user1_mod_state="NC"
+ user1_mod_phone="1234567890"
+ randsym=""
+ i18nuser=i18nuser
+ i18nuserfullname="Örjan Äke"
+ i18nuser_mod_fullname="kakskümmend"
+ i18nuser_mod_email="kakskümmend@example.com"
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #### Modify a user's full name ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-002: Modify a user's fullname in TPS using admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tps-user-mod-002.out" \
+ 0 \
+ "Modified $user1 fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tps-user-mod-002.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-user-mod-002.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tps-user-mod-002.out"
+ rlPhaseEnd
+
+ #### Modify a user's email, phone, state, password ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-003: Modify a user's email,phone,state,password in TPS using admin user"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-tps-user-mod-003.out" \
+ 0 \
+ "Modified $user1 information"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tps-user-mod-003.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-user-mod-003.out"
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tps-user-mod-003.out"
+
+ rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-tps-user-mod-003.out"
+
+ rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-tps-user-mod-003.out"
+
+ rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tps-user-mod-003.out"
+rlPhaseEnd
+
+ #### Modify a user's email with characters and numbers ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-004:--email with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-tps-user-mod-004.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length"
+ rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-tps-user-mod-004.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-tps-user-mod-004.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-004.out"
+ rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-user-mod-004.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with maximum length and symbols ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-005:--email with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=\"$randsym\" u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=\"$randsym\" u2 > $TmpDir/pki-tps-user-mod-005.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it"
+ actual_email_string=`cat $TmpDir/pki-tps-user-mod-005.out | grep "Email: " | xargs echo`
+ expected_email_string="Email: $randsym"
+ rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-tps-user-mod-005.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-tps-user-mod-005.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-005.out"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "$expected_email_string found"
+ else
+ rlFail "$expected_email_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's email with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-006:--email with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email # u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=# u3 > $TmpDir/pki-tps-user-mod-006.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character"
+ rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-tps-user-mod-006.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-tps-user-mod-006.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-006.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-tps-user-mod-006.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email * u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=* u4 > $TmpDir/pki-tps-user-mod-007.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character"
+ rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-tps-user-mod-007.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-tps-user-mod-007.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-007.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-tps-user-mod-007.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-008:--email with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u5"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email $ u5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=$ u5 > $TmpDir/pki-tps-user-mod-008.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character"
+ rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-tps-user-mod-008.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-tps-user-mod-008.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-008.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-tps-user-mod-008.out"
+ rlPhaseEnd
+
+ #### Modify a user's email with value 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-009:--email as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u6"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email 0 u6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=0 u6 > $TmpDir/pki-tps-user-mod-009.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0"
+ rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-tps-user-mod-009.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-tps-user-mod-009.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-009.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-tps-user-mod-009.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-010:--state with characters and numbers "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u7"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-tps-user-mod-010.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length"
+ rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-tps-user-mod-010.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-tps-user-mod-010.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-010.out"
+ rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-user-mod-010.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u8"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=\"$randsym\" u8"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=\"$randsym\" u8 > $TmpDir/pki-tps-user-mod-011.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it"
+ actual_state_string=`cat $TmpDir/pki-tps-user-mod-011.out | grep "State: " | xargs echo`
+ expected_state_string="State: $randsym"
+ rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-tps-user-mod-011.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-tps-user-mod-011.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-011.out"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "$expected_state_string found"
+ else
+ rlFail "$expected_state_string not found"
+ fi
+ rlPhaseEnd
+
+ #### Modify a user's state with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-012:--state with # character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u9"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state # u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=# u9 > $TmpDir/pki-tps-user-mod-012.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character"
+ rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-tps-user-mod-012.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-user-mod-012.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-012.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-tps-user-mod-012.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-013:--state with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u10"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state * u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=* u10 > $TmpDir/pki-tps-user-mod-013.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character"
+ rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-tps-user-mod-013.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-user-mod-013.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-013.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-tps-user-mod-013.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-014:--state with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u11"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state $ u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=$ u11 > $TmpDir/pki-tps-user-mod-014.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character"
+ rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-tps-user-mod-014.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-user-mod-014.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-014.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-tps-user-mod-014.out"
+ rlPhaseEnd
+
+ #### Modify a user's state with number 0 ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-015:--state as number 0 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u12"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state 0 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --state=0 u12 > $TmpDir/pki-tps-user-mod-015.out " \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0"
+ rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-tps-user-mod-015.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-user-mod-015.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-015.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-tps-user-mod-015.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with characters and numbers ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-016:--phone with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u13"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-tps-user-mod-016.out" \
+ 0 \
+ "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length"
+ rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-tps-user-mod-016.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-user-mod-016.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-016.out"
+ rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-user-mod-016.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and symbols ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-017:--phone with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 8193 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | tr -d /)
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test usr1"
+ special_symbols="#$@*"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --phone='$randsym$special_symbols' usr1"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with maximum length and numbers only ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-018:--phone with maximum length and numbers only "
+ randhex=$(openssl rand -hex 1024)
+ randhex_covup=${randhex^^}
+ randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --phone=\"$randsym\" usr1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-tps-user-mod-018.out"\
+ 0 \
+ "Modify user with maximum length and numbers only"
+ rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-tps-user-mod-018.out"
+ rlAssertGrep "User ID: usr1" "$TmpDir/pki-tps-user-mod-018.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-018.out"
+ rlAssertGrep "Phone: $randsym" "$TmpDir/pki-tps-user-mod-018.out"
+ rlPhaseEnd
+
+ #### Modify a user's phone with # character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-019:--phone with \# character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test usr2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --phone=\"#\" usr2"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with * character ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-020:--phone with * character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test usr3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --phone=\"*\" usr3"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with $ character ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-021:--phone with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test usr4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --phone $ usr4"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it"
+ rlPhaseEnd
+
+ #### Modify a user's phone with negative number ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-022:--phone as negative number -1230 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u14"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --phone -1230 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --phone=-1230 u14 > $TmpDir/pki-tps-user-mod-022.out " \
+ 0 \
+ "Modifying User --phone negative value"
+ rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-tps-user-mod-022.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-tps-user-mod-022.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-tps-user-mod-022.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-tps-user-mod-022.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/704"
+ rlPhaseEnd
+
+ #### Modify a user - missing required option user id ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-023-tier1: Modify a user -- missing required option user id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname'"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id"
+ rlPhaseEnd
+
+ #### Modify a user - all options provided ####
+
+rlPhaseStartTest "pki_user_cli_user_mod-tps-024-tier1: Modify a user -- all options provided"
+ email="tps_user2@myemail.com"
+ user_password="tpsuser2Password"
+ phone="1234567890"
+ state="NC"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=test u15"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u15 > $TmpDir/pki-tps-user-mod-025.out" \
+ 0 \
+ "Modify user u15 to TPS -- all options provided"
+ rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-tps-user-mod-025.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-tps-user-mod-025.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-025.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-mod-025.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-mod-025.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-mod-025.out"
+ rlPhaseEnd
+
+ #### Modify a user - password less than 8 characters ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-025: Modify user with --password "
+ userpw="pass"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod $user1 --fullName='$user1fullname' --password=$userpw"
+ errmsg="PKIException: The password must be at least 8 characters"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password"
+ rlPhaseEnd
+
+##### Tests to modify users using revoked cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-026: Should not be able to modify user using a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1_mod_fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using an agent user#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-028: Should not be able to modify user using a valid agent user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-029: Should not be able to modify user using an agent user with a revoked cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify users using expired cert#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-030: Should not be able to modify user using an admin user with expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-031: Should not be able to modify user using an agent user with an expired cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify users using officer users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-032: Should not be able to modify user using an officer user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an officer cert"
+ rlPhaseEnd
+
+ ##### Tests to modify users using operator user###
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-033: Should not be able to modify user using an operator user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as TPS_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted TPS users#####
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-034: Should not be able to modify user using a cert created from a untrusted TPS role_user_UTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' $user1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-035: Modify a user -- User ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName='$user1fullname' u17"
+ errmsg="ResourceNotFoundException: No such object."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user"
+ rlPhaseEnd
+
+ #### Modify a user - fullName option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-036: Modify a user in TPS using an admin user - fullname is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ u16"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --fullName=\"\" u16"
+ errmsg="BadRequestException: Invalid DN syntax."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+ #### Modify a user - email is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-037: Modify a user in TPS using TPS admin user - email is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show u16 > $TmpDir/pki-tps-user-mod-038_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-user-mod-038_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-mod-038_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-038_1.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-mod-038_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-mod-038_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-mod-038_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=\"\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=\"\" u16 > $TmpDir/pki-tps-user-mod-038_2.out" \
+ 0 \
+ "Modifying $user1 with empty email"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tps-user-mod-038_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-mod-038_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-038_2.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-mod-038_2.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-mod-038_2.out"
+ rlPhaseEnd
+
+ #### Modify a user - phone is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-038: Modify a user in TPS using TPS_adminV - phone is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show u16 > $TmpDir/pki-tps-user-mod-039_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-user-mod-039_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-mod-039_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-039_1.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-tps-user-mod-039_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-mod-039_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --phone=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+ #### Modify a user - state option is empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-039: Modify a user in TPS using an admin user in TPS - state is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show u16 > $TmpDir/pki-tps-user-mod-040_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-user-mod-040_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-mod-040_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-040_1.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-tps-user-mod-040_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --state=\"\" u16"
+ rlRun "$command" 0 "Successfully updated phone to empty value"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/836"
+ rlPhaseEnd
+
+
+##### Tests to modify TPS users with the same value ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-040: Modify a user in TPS using an admin user - fullname same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show $user1 > $TmpDir/pki-tps-user-mod-041_1.out"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tps-user-mod-041_1.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-user-mod-041_1.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tps-user-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tps-user-mod-041_2.out" \
+ 0 \
+ "Modifying $user1 with same old fullname"
+ rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tps-user-mod-041_2.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-tps-user-mod-041_2.out"
+ rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tps-user-mod-041_2.out"
+ rlPhaseEnd
+
+##### Tests to modify CA users adding values to params which were previously empty ####
+
+ rlPhaseStartTest "pki_user_cli_user_mod_tps-041: Modify a user in TPS using an admin user - adding values to params which were previously empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show u16 > $TmpDir/pki-tps-user-mod-042_1.out"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-tps-user-mod-042_1.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-mod-042_1.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-042_1.out"
+ rlAssertNotGrep "Email:" "$TmpDir/pki-tps-user-mod-042_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=\"$email\" u16"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --email=\"$email\" u16 > $TmpDir/pki-tps-user-mod-042_2.out" \
+ 0 \
+ "Modifying u16 with new value for phone which was previously empty"
+ rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tps-user-mod-042_2.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-tps-user-mod-042_2.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tps-user-mod-042_2.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-tps-user-mod-042_2.out"
+ rlPhaseEnd
+
+##### Tests to modify TPS users having i18n chars in the fullname ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-042: Modify a user's fullname having i18n chars in TPS using an admin user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"$i18nuserfullname\" $i18nuser"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-tps-user-mod-043.out" \
+ 0 \
+ "Modified $i18nuser fullname"
+ rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-tps-user-mod-043.out"
+ rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-tps-user-mod-043.out"
+ rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-tps-user-mod-043.out"
+ rlPhaseEnd
+
+##### Tests to modify TPS users having i18n chars in email ####
+
+rlPhaseStartTest "pki_user_cli_user_mod_tps-043: Modify a user's email having i18n chars in TPS using an admin user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps user-mod --email=$i18nuser_mod_email $i18nuser"
+ errmsg="PKIException: LDAP error (21): error result"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail"
+ rlLog "FAIL:https://fedorahosted.org/pki/ticket/860"
+ rlPhaseEnd
+
+#===Deleting users===#
+rlPhaseStartCleanup "pki_user_cli_user_tps_cleanup: Deleting role users"
+ i=1
+ while [ $i -lt 17 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-00$i.out"
+ let i=$i+1
+ done
+
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del usr$i > $TmpDir/pki-usr-del-tps-usr-00$i.out" \
+ 0 \
+ "Deleted user usr$i"
+ rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-tps-usr-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del $i18nuser > $TmpDir/pki-user-del-tps-i18nuser-001.out" \
+ 0 \
+ "Deleted user $i18nuser"
+ rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-tps-i18nuser-001.out"
+$i18nuser
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+ else
+ rlLog "TPS instance not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh
new file mode 100755
index 000000000..99f3582c2
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh
@@ -0,0 +1,1195 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli
+# Description: PKI user-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-user-cli-user-show Show TPS users
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2015 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-user-cli-user-show-tps.sh
+######################################################################################
+
+########################################################################
+run_pki-user-cli-user-show-tps_tests(){
+ subsystemId=$1
+ SUBSYSTEM_TYPE=$2
+ MYROLE=$3
+ caId=$4
+ CA_HOST=$5
+ prefix=$subsystemId
+
+ rlPhaseStartSetup "pki_user_cli_user_show-tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+
+ if [ "$tps_instance_created" = "TRUE" ] ; then
+ #local variables
+ user1=tps_agent2
+ user1fullname="Test tps_agent"
+ user2=abcdefghijklmnopqrstuvwxyx12345678
+ user3=abc#
+ user4=abc$
+ user5=abc@
+ user6=abc?
+ user7=0
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ untrusted_cert_nickname=role_user_UTCA
+
+ rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test"
+ rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \
+ 0 \
+ "pki user-show"
+ rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out"
+ rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show TPS users ####
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-001: Add user to TPS using TPS_adminV and show user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" $user1" \
+ 0 \
+ "Add user $user1 using ${prefix}_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user1 > $TmpDir/pki-user-show-tps-001.out" \
+ 0 \
+ "Show user $user1"
+ rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-tps-001.out"
+ rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-tps-001.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tps-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-002: maximum length of user id"
+ user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user2" \
+ 0 \
+ "Add user $user2 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user2 > $TmpDir/pki-user-show-tps-001_1.out" \
+ 0 \
+ "Show $user2 user"
+ rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-tps-001_1.out"
+ actual_userid_string=`cat $TmpDir/pki-user-show-tps-001_1.out | grep 'User ID:' | xargs echo`
+ expected_userid_string="User ID: $user2"
+ if [[ $actual_userid_string = $expected_userid_string ]] ; then
+ rlPass "User ID: $user2 found"
+ else
+ rlFail "User ID: $user2 not found"
+ fi
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-003: User id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user3" \
+ 0 \
+ "Add user $user3 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user3 > $TmpDir/pki-user-show-tps-001_2.out" \
+ 0 \
+ "Show $user3 user"
+ rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-tps-001_2.out"
+ rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-tps-001_2.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-004: User id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user4" \
+ 0 \
+ "Add user $user4 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user4 > $TmpDir/pki-user-show-tps-001_3.out" \
+ 0 \
+ "Show $user4 user"
+ rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-tps-001_3.out"
+ rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-tps-001_3.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-005: User id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user5" \
+ 0 \
+ "Add $user5 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user5 > $TmpDir/pki-user-show-tps-001_4.out" \
+ 0 \
+ "Show $user5 user"
+ rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-tps-001_4.out"
+ rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-tps-001_4.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-006: User id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user6" \
+ 0 \
+ "Add $user6 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user6 > $TmpDir/pki-user-show-tps-001_5.out" \
+ 0 \
+ "Show $user6 user"
+ rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-tps-001_5.out"
+ rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-tps-001_5.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-007: User id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test $user7" \
+ 0 \
+ "Add user $user7 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show $user7 > $TmpDir/pki-user-show-tps-001_6.out" \
+ 0 \
+ "Show user $user7"
+ rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-tps-001_6.out"
+ rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-tps-001_6.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-008: --email with maximum length"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=\"$email\" u1" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u1 > $TmpDir/pki-user-show-tps-001_7.out" \
+ 0 \
+ "Show user u1"
+ rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-tps-001_7.out"
+ rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-tps-001_7.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_7.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-tps-001_7.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-009: --email with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ email=$email$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email='$email' u2" \
+ 0 \
+ "Added user using ${prefix}_adminV with maximum --email length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u2 > $TmpDir/pki-user-show-tps-001_8.out" \
+ 0 \
+ "Show user u2"
+ rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-tps-001_8.out"
+ rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-tps-001_8.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_8.out"
+ actual_email_string=`cat $TmpDir/pki-user-show-tps-001_8.out | grep Email: | xargs echo`
+ expected_email_string="Email: $email"
+ if [[ $actual_email_string = $expected_email_string ]] ; then
+ rlPass "Email: $email found"
+ else
+ rlFail "Email: $email not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-010: --email with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=# u3" \
+ 0 \
+ "Add user u3 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u3 > $TmpDir/pki-user-show-tps-001_9.out" \
+ 0 \
+ "Add user u3"
+ rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-tps-001_9.out"
+ rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-tps-001_9.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_9.out"
+ rlAssertGrep "Email: #" "$TmpDir/pki-user-show-tps-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-011: --email with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=* u4" \
+ 0 \
+ "Add user u4 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u4 > $TmpDir/pki-user-show-tps-001_10.out" \
+ 0 \
+ "Show user u4 using ${prefix}_adminV"
+ rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-tps-001_10.out"
+ rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-tps-001_10.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_10.out"
+ rlAssertGrep "Email: *" "$TmpDir/pki-user-show-tps-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-012: --email with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=$ u5" \
+ 0 \
+ "Add user u5 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u5 > $TmpDir/pki-user-show-tps-001_11.out" \
+ 0 \
+ "Show user u5 using ${prefix}_adminV"
+ rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-tps-001_11.out"
+ rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-tps-001_11.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_11.out"
+ rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-tps-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-013: --email as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --email=0 u6" \
+ 0 \
+ "Add user u6 using pki ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u6 > $TmpDir/pki-user-show-tps-001_12.out" \
+ 0 \
+ "Show user u6 using ${prefix}_adminV"
+ rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-tps-001_12.out"
+ rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-tps-001_12.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_12.out"
+ rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-tps-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-014: --state with maximum length"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n')
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=\"$state\" u7 " \
+ 0 \
+ "Add user u7 using pki ${prefix}_adminV with maximum --state length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u7 > $TmpDir/pki-user-show-tps-001_13.out" \
+ 0 \
+ "Show user u7 using ${prefix}_adminV"
+ rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-tps-001_13.out"
+ rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-tps-001_13.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_13.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-tps-001_13.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-tps-001_13.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-tps-001_13.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-015: --state with maximum length and symbols"
+ specialcharacters="!?@~#*^_+$"
+ state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n')
+ state=$state$specialcharacters
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state='$state' u8" \
+ 0 \
+ "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u8 > $TmpDir/pki-user-show-tps-001_14.out" \
+ 0 \
+ "Show user u8 using ${prefix}_adminV"
+ rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-tps-001_14.out"
+ rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-tps-001_14.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_14.out"
+ actual_state_string=`cat $TmpDir/pki-user-show-tps-001_14.out | grep State: | xargs echo`
+ expected_state_string="State: $state"
+ if [[ $actual_state_string = $expected_state_string ]] ; then
+ rlPass "State: $state found in $TmpDir/pki-user-show-tps-001_14.out"
+ else
+ rlFail "State: $state not found in $TmpDir/pki-user-show-tps-001_14.out"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-016: --state with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=# u9" \
+ 0 \
+ "Added user using ${prefix}_adminV with --state # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u9 > $TmpDir/pki-user-show-tps-001_15.out" \
+ 0 \
+ "Show user u9 using ${prefix}_adminV"
+ rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-tps-001_15.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-tps-001_15.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_15.out"
+ rlAssertGrep "State: #" "$TmpDir/pki-user-show-tps-001_15.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-017: --state with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=* u10" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u10 > $TmpDir/pki-user-show-tps-001_16.out" \
+ 0 \
+ "Show user u10 using ${prefix}_adminV"
+ rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-tps-001_16.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-tps-001_16.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_16.out"
+ rlAssertGrep "State: *" "$TmpDir/pki-user-show-tps-001_16.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-018: --state with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=$ u11" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u11 > $TmpDir/pki-user-show-tps-001_17.out" \
+ 0 \
+ "Show user u11 using ${prefix}_adminV"
+ rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-tps-001_17.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-tps-001_17.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_17.out"
+ rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-tps-001_17.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-019: --state as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --state=0 u12" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --state 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u12 > $TmpDir/pki-user-show-tps-001_18.out" \
+ 0 \
+ "Show pki ${prefix}_adminV user"
+ rlAssertGrep "User \"u12\"" "$TmpDir/pki-user-show-tps-001_18.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-user-show-tps-001_18.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_18.out"
+ rlAssertGrep "State: 0" "$TmpDir/pki-user-show-tps-001_18.out"
+ rlPhaseEnd
+
+ #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-020: --phone with maximum length"
+ phone=`echo $RANDOM`
+ stringlength=0
+ while [[ $stringlength -lt 2049 ]] ; do
+ phone="$phone$RANDOM"
+ stringlength=`echo $phone | wc -m`
+ done
+ phone=`echo $phone | cut -c1-2047`
+ rlLog "phone=$phone"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=\"$phone\" u13" \
+ 0 \
+ "Adding user using ${prefix}_adminV with maximum --phone length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u13 > $TmpDir/pki-user-show-tps-001_19.out" \
+ 0 \
+ "Show user u13 using ${prefix}_adminV"
+ rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-tps-001_19.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-tps-001_19.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_19.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tps-001_19.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-021: --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --phone=-1230 u14" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --phone as negative number -1230"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-show u14 > $TmpDir/pki-user-show-tps-001_24.out" \
+ 0 \
+ "Show user u14 using ${prefix}_adminV"
+ rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-tps-001_24.out"
+ rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-tps-001_24.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_24.out"
+ rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-tps-001_24.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-022: --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=Auditors u15" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type as Auditors"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u15 > $TmpDir/pki-user-show-tps-001_25.out" \
+ 0 \
+ "Show user u15 using ${prefix}_adminV"
+ rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-tps-001_25.out"
+ rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-tps-001_25.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_25.out"
+ rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-tps-001_25.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-023: --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Certificate Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u16 > $TmpDir/pki-user-show-tps-001_26.out" \
+ 0 \
+ "Show user u16 using ${prefix}_adminV"
+ rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-tps-001_26.out"
+ rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-tps-001_26.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_26.out"
+ rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-tps-001_26.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-024: --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Registration Manager Agents\" u17" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Registration Manager Agents"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u17 > $TmpDir/pki-user-show-tps-001_27.out" \
+ 0 \
+ "Show user u17 using ${prefix}_adminV"
+ rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-tps-001_27.out"
+ rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-tps-001_27.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_27.out"
+ rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-tps-001_27.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-025: --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Subsystem Group\" u18" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Subsystem Group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-show u18 > $TmpDir/pki-user-show-tps-001_28.out" \
+ 0 \
+ "Show user u18 using ${prefix}_adminV"
+ rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-tps-001_28.out"
+ rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-tps-001_28.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_28.out"
+ rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-tps-001_28.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-026: --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Security Domain Administrators\" u19" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Security Domain Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u19 > $TmpDir/pki-user-show-tps-001_29.out" \
+ 0 \
+ "Show user u19 using ${prefix}_adminV"
+ rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-tps-001_29.out"
+ rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-tps-001_29.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_29.out"
+ rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-tps-001_29.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-027: --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=ClonedSubsystems u20" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type ClonedSubsystems"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u20 > $TmpDir/pki-user-show-tps-001_30.out" \
+ 0 \
+ "Show user u20 using ${prefix}_adminV"
+ rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-tps-001_30.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-tps-001_30.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_30.out"
+ rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-tps-001_30.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-028: --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=test --type=\"Trusted Managers\" u21" \
+ 0 \
+ "Adding user using ${prefix}_adminV with --type Trusted Managers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u21 > $TmpDir/pki-user-show-tps-001_31.out" \
+ 0 \
+ "Show user u21 using ${prefix}_adminV"
+ rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-tps-001_31.out"
+ rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-tps-001_31.out"
+ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tps-001_31.out"
+ rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-tps-001_31.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-029: Show user with -t tps option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" u22" \
+ 0 \
+ "Adding user u22 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u22 > $TmpDir/pki-user-show-tps-001_32.out" \
+ 0 \
+ "Show user u22 using ${prefix}_adminV"
+ rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-tps-001_32.out"
+ rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-tps-001_32.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tps-001_32.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-030: Add a user -- all options provided"
+ email="ca_agent2@myemail.com"
+ user_password="agent2Password"
+ phone="1234567890"
+ state="NC"
+ type="Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName=\"$user1fullname\" \
+ --email $email \
+ --password $user_password \
+ --phone $phone \
+ --state $state \
+ --type $type \
+ u23" \
+ 0 \
+ "Adding user u23 using ${prefix}_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u23 > $TmpDir/pki-user-show-tps-001_33.out" \
+ 0 \
+ "Show user u23 using ${prefix}_adminV"
+ rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-show-tps-001_33.out"
+ rlPhaseEnd
+
+ #Negative Cases
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-031: Missing required option user id"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show"
+ rlLog "Executing $command"
+ errmsg="Error: No User ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-032: Checking if user id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show U23 > $TmpDir/pki-user-show-tps-001_35.out 2>&1" \
+ 0 \
+ "User ID is not case sensitive"
+ rlAssertGrep "User \"U23\"" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlAssertGrep "State: $state" "$TmpDir/pki-user-show-tps-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-033: Should not be able to show user using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-034: Should not be able to show user using a agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-035: Should not be able to show user using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-036: Should not be able to show user using a TPS_agentR user"
+ rlLog "To test error message consistency for the request pki_user_cli_user_show-TPS-034"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-037: Should not be able to show user using admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-038: Should not be able to show user using TPS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-039: Should not be able to show user using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_officerV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a officer cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-040: Should not be able to show user using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tps user-show u23"
+ rlLog "Executing $command"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert"
+ rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA"
+ rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u23"
+ rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \
+ -n $untrusted_cert_nickname \
+ -c $UNTRUSTED_CERT_DB_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u23 > $TmpDir/pki-user-show-tps-role_user_UTCA-002.out 2>&1" \
+ 255 \
+ "Should not be able to show user u23 using a untrusted cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-tps-role_user_UTCA-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-tps-042: Should not be able to show user using a user cert"
+ #Create a user cert
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local ret_reqstatus
+ local ret_requestid
+ local valid_serialNumber
+ local temp_out="$TmpDir/usercert-show.out"
+ rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \
+ \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request"
+ rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \
+ --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset"
+ rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out"
+ rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)"
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out"
+ valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2`
+ rlLog "valid_serialNumber=$valid_serialNumber"
+ #Import user certs to $TEMP_NSS_DB
+ rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u""
+ local expfile="$TmpDir/expfile_pkiuser1.out"
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c Password \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u13"
+ echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-tps-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-tps-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-043: user id length exceeds maximum limit defined in the schema"
+ user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n')
+ rlLog "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show \"$user_length_exceed_max\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-tps-001_50.out 2>&1" \
+ 255 \
+ "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-tps-001_50.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-044: user name with i18n characters"
+ rlLog "user-add user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-user-show-tps-001_56.out 2>&1" \
+ 0 \
+ "Adding user name ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u24 > $TmpDir/pki-user-show-tps-001_56_2.out" \
+ 0 \
+ "Show user name with 'ÖrjanÄke'"
+ rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tps-001_56_2.out"
+ rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tps-001_56_2.out"
+ rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-user-show-tps-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_user_cli_user_show-TPS-045: user name with i18n characters"
+ rlLog "user-add userid ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-user-show-tps-001_57.out 2>&1" \
+ 0 \
+ "Adding user name ÉricTêko with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-show u25 > $TmpDir/pki-user-show-tps-001_57_2.out" \
+ 0 \
+ "Show user name with 'ÉricTêko'"
+ rlAssertGrep "User \"u25\"" "$TmpDir/pki-user-show-tps-001_57_2.out"
+ rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tps-001_57_2.out"
+ rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-tps-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users"
+ del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_officerV_user ${prefix}_operatorV_user)
+
+ #===Deleting users created using ${prefix}_adminV cert===#
+ i=1
+ while [ $i -lt 26 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-user-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-user-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting users(symbols) created using ${prefix}_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval usr=\$user$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n ${prefix}_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $SUBSYSTEM_HOST \
+ -t tps \
+ -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \
+ user-del $usr > $TmpDir/pki-user-del-tps-user-symbol-00$j.out" \
+ 0 \
+ "Deleted user $usr"
+ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tps-user-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+ else
+ rlLog "TPS instance is not installed"
+ fi
+}
diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
index fe1daec26..4dd8ea23e 100755
--- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
+++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh
@@ -769,6 +769,7 @@ rhcs_install_tps() {
rlLog "EXECUTING: pkispawn -s TPS -f $INSTANCECFG -v "
rlRun "pkispawn -s TPS -f $INSTANCECFG -v > $INSTANCE_CREATE_OUT 2>&1"
+ tps_pkispawn_retval=$?
cat $INSTANCE_CREATE_OUT
exp_message1="Administrator's username: $(eval echo \$TPS${number}_ADMIN_USER)"
rlAssertGrep "$exp_message1" "$INSTANCE_CREATE_OUT"
@@ -788,12 +789,20 @@ rhcs_install_tps() {
mkdir -p $CLIENT_PKCS12_DIR
mv /var/lib/pki/$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)/alias/tps_backup_keys.p12 $CLIENT_PKCS12_DIR
- #Update Instance creation status to env.sh
- rlLog "Executing: pkidaemon status tomcat"
- rlRun "pkidaemon status tomcat > /tmp/TPS${number}_instance_status.txt 2>&1"
- exp_result1="$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)\sis\srunning"
- exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/services"
- if [ $(grep $exp_result1 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] ; then
+# #Update Instance creation status to env.sh
+# rlLog "Executing: pkidaemon status tomcat"
+# rlRun "pkidaemon status tomcat > /tmp/TPS${number}_instance_status.txt 2>&1"
+# exp_result1="$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)\sis\srunning"
+# exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/services"
+# if [ $(grep $exp_result1 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] ; then
+# rlLog "TPS${number} instance creation successful"
+# sed -i s/^TPS${number}_INSTANCE_CREATED_STATUS=False/TPS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh
+# rlRun "export TPS${number}_INSTANCE_CREATED_STATUS=TRUE"
+# fi
+ # BZ 1188331 pkidaemon status tomcat does not list TPS subsystem details
+ #Because of this bug above code to Update Instance creation status to env.sh does not give correct results, when BZ is fixed un-comment above lines and remove Temp Workaround.
+ #Temp Workaround is:
+ if [ $tps_pkispawn_retval -eq 0 ] ; then
rlLog "TPS${number} instance creation successful"
sed -i s/^TPS${number}_INSTANCE_CREATED_STATUS=False/TPS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh
rlRun "export TPS${number}_INSTANCE_CREATED_STATUS=TRUE"
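Review bot: The workaround at `if [ $tps_pkispawn_retval -eq 0 ] ; then` marks the TPS instance as created from the pkispawn exit status alone, so nothing confirms that the instance is running or serving its secure admin URL before `TPS${number}_INSTANCE_CREATED_STATUS=TRUE` is written to env.sh. The unquoted expansion also makes `[` fail with a syntax error if the variable is ever empty, whereas `if [ "${tps_pkispawn_retval:-1}" -eq 0 ] ; then` treats that case as a failed install. Until BZ 1188331 is fixed, a second probe that does not depend on `pkidaemon status` output would keep the flag meaningful; which probe fits is for the test owners to decide. When the commented-out block is restored, its status file under /tmp has a predictable name and would be better created with `mktemp`. rhcs_install_tps starts and ends outside this hunk.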
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 36f9cef08..f1caebef9 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -57,11 +57,54 @@
. ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-add-ca.sh
. ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-show-ca.sh
. ./acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-cert-delete-ca.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-add-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-show-kra.sh
. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-mod-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-find-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-del-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-add-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-find-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-membership-del-kra.sh
. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-find-kra.sh
. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-add-kra.sh
. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-show-kra.sh
. ./acceptance/cli-tests/pki-user-cli/kra/pki-user-cli-user-cert-delete-kra.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-add-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-show-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-mod-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-find-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-del-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-add-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-find-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-membership-del-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-find-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-add-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-show-tps.sh
+. ./acceptance/cli-tests/pki-user-cli/tps/pki-user-cli-user-cert-delete-tps.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-show.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-request-show.sh
@@ -720,13 +763,35 @@ rlJournalStart
subsystemId=$KRA_INST
subsystemType=kra
caId=$CA_INST
+ run_pki-user-cli-user-add-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-show-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
run_pki-user-cli-user-mod-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-del-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-find-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-add-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-find-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-del-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
run_pki-user-cli-user-cert-add-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
run_pki-user-cli-user-cert-find-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
run_pki-user-cli-user-cert-show-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
run_pki-user-cli-user-cert-delete-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
fi
-
+ USER_ADD_KRA_UPPERCASE=$(echo $USER_ADD_KRA | tr [a-z] [A-Z])
+ if [ "$USER_ADD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-add-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_SHOW_KRA_UPPERCASE=$(echo $USER_SHOW_KRA | tr [a-z] [A-Z])
+ if [ "$USER_SHOW_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-show-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-show-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
USER_MOD_KRA_UPPERCASE=$(echo $USER_MOD_KRA | tr [a-z] [A-Z])
if [ "$USER_MOD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
# Execute pki user-mod-kra tests
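Review bot: The added flag conversions such as `USER_ADD_KRA_UPPERCASE=$(echo $USER_ADD_KRA | tr [a-z] [A-Z])` leave the bracket patterns unquoted, so the shell may expand them against single-character file names in the working directory before tr runs. In that case the value is not upper-cased, the comparison with "TRUE" fails, and the suite is skipped without any error. Quoting the input and using character classes avoids this: `USER_ADD_KRA_UPPERCASE=$(printf '%s' "$USER_ADD_KRA" | tr '[:lower:]' '[:upper:]')`. The same form appears in every new *_UPPERCASE assignment in the two following hunks of this file and in the existing context lines, so it is best changed in one pass. The rlJournalStart section that encloses these lines starts and ends outside the hunk.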
@@ -735,6 +800,46 @@ rlJournalStart
caId=$CA_INST
run_pki-user-cli-user-mod-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
fi
+ USER_DEL_KRA_UPPERCASE=$(echo $USER_DEL_KRA | tr [a-z] [A-Z])
+ if [ "$USER_DEL_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-del-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-del-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_FIND_KRA_UPPERCASE=$(echo $USER_FIND_KRA | tr [a-z] [A-Z])
+ if [ "$USER_FIND_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-find-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-find-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_ADD_KRA_UPPERCASE=$(echo $USER_MEMBERSHIP_ADD_KRA | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_ADD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-add-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-add-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_FIND_KRA_UPPERCASE=$(echo $USER_MEMBERSHIP_FIND_KRA | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_FIND_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-find-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-find-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_DEL_KRA_UPPERCASE=$(echo $USER_MEMBERSHIP_DEL_KRA | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_DEL_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-del-kra tests
+ subsystemId=$KRA_INST
+ subsystemType=kra
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-del-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
USER_CERT_ADD_KRA_UPPERCASE=$(echo $USER_CERT_ADD_KRA | tr [a-z] [A-Z])
if [ "$USER_CERT_ADD_KRA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
# Execute pki user-cert-add-kra tests
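Review bot: The five blocks added here (USER_DEL_KRA through USER_MEMBERSHIP_DEL_KRA) repeat the same eight lines with only the flag and suite names changed, and the last hunk of this file adds several dozen more of the same shape, so a typo in one copy is easy to miss. A small helper taking the flag value, suite name, instance and subsystem type would reduce each block to one call and give a single place to fix quoting. The sketch below still sets subsystemId, subsystemType and caId as globals, as the current blocks do. It no longer sets the per-flag *_UPPERCASE variables, so confirm they are unused elsewhere in runtest.sh before adopting it.

```shell
# Run one pki user suite when its own flag or TEST_ALL is TRUE.
run_user_suite_if_enabled() {
    local flag
    flag=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    if [ "$flag" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
        subsystemId=$3
        subsystemType=$4
        caId=$CA_INST
        "run_pki-user-cli-${2}_tests" "$subsystemId" "$subsystemType" "$MYROLE" "$caId" "$MASTER"
    fi
}
run_user_suite_if_enabled "$USER_DEL_KRA" user-del-kra "$KRA_INST" kra
run_user_suite_if_enabled "$USER_FIND_KRA" user-find-kra "$KRA_INST" kra
# … same call form for the membership-add, membership-find and membership-del flags …
```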
@@ -767,6 +872,356 @@ rlJournalStart
caId=$CA_INST
run_pki-user-cli-user-cert-delete-kra_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
fi
+ ######## PKI USER OCSP TESTS ############
+ PKI_USER_OCSP_UPPERCASE=$(echo $PKI_USER_OCSP | tr [a-z] [A-Z])
+ if [ "$PKI_USER_OCSP_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-mod-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-delete-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_ADD_OCSP_UPPERCASE=$(echo $USER_ADD_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_ADD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_SHOW_OCSP_UPPERCASE=$(echo $USER_SHOW_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_SHOW_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-show-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MOD_OCSP_UPPERCASE=$(echo $USER_MOD_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_MOD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-mod-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-mod-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_DEL_OCSP_UPPERCASE=$(echo $USER_DEL_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_DEL_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-del-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_FIND_OCSP_UPPERCASE=$(echo $USER_FIND_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_FIND_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-find-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_ADD_OCSP_UPPERCASE=$(echo $USER_MEMBERSHIP_ADD_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_ADD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-add-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_FIND_OCSP_UPPERCASE=$(echo $USER_MEMBERSHIP_FIND_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_FIND_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-find-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_DEL_OCSP_UPPERCASE=$(echo $USER_MEMBERSHIP_DEL_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_DEL_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-del-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_ADD_OCSP_UPPERCASE=$(echo $USER_CERT_ADD_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_CERT_ADD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-add-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_FIND_OCSP_UPPERCASE=$(echo $USER_CERT_FIND_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_CERT_FIND_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-find-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_SHOW_OCSP_UPPERCASE=$(echo $USER_CERT_SHOW_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_CERT_SHOW_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-show-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_DEL_OCSP_UPPERCASE=$(echo $USER_CERT_DEL_OCSP | tr [a-z] [A-Z])
+ if [ "$USER_CERT_DEL_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-del-ocsp tests
+ subsystemId=$OCSP_INST
+ subsystemType=ocsp
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-delete-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ ######## PKI USER TKS TESTS ############
+ PKI_USER_TKS_UPPERCASE=$(echo $PKI_USER_TKS | tr [a-z] [A-Z])
+ if [ "$PKI_USER_TKS_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-mod-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-delete-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+
+ USER_ADD_TKS_UPPERCASE=$(echo $USER_ADD_TKS | tr [a-z] [A-Z])
+ if [ "$USER_ADD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_SHOW_TKS_UPPERCASE=$(echo $USER_SHOW_TKS | tr [a-z] [A-Z])
+ if [ "$USER_SHOW_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-show-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MOD_TKS_UPPERCASE=$(echo $USER_MOD_TKS | tr [a-z] [A-Z])
+ if [ "$USER_MOD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-mod-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-mod-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_DEL_TKS_UPPERCASE=$(echo $USER_DEL_TKS | tr [a-z] [A-Z])
+ if [ "$USER_DEL_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-del-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_FIND_TKS_UPPERCASE=$(echo $USER_FIND_TKS | tr [a-z] [A-Z])
+ if [ "$USER_FIND_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-find-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_ADD_TKS_UPPERCASE=$(echo $USER_MEMBERSHIP_ADD_TKS | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_ADD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-add-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_FIND_TKS_UPPERCASE=$(echo $USER_MEMBERSHIP_FIND_TKS | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_FIND_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-find-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_DEL_TKS_UPPERCASE=$(echo $USER_MEMBERSHIP_DEL_TKS | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_DEL_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-del-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_ADD_TKS_UPPERCASE=$(echo $USER_CERT_ADD_TKS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_ADD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-add-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_FIND_TKS_UPPERCASE=$(echo $USER_CERT_FIND_TKS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_FIND_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-find-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_SHOW_TKS_UPPERCASE=$(echo $USER_CERT_SHOW_TKS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_SHOW_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-show-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_DEL_TKS_UPPERCASE=$(echo $USER_CERT_DEL_TKS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_DEL_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-del-tks tests
+ subsystemId=$TKS_INST
+ subsystemType=tks
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-delete-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ ######## PKI USER TPS TESTS ############
+ PKI_USER_TPS_UPPERCASE=$(echo $PKI_USER_TPS | tr [a-z] [A-Z])
+ if [ "$PKI_USER_TPS_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-mod-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-membership-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ run_pki-user-cli-user-cert-delete-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+
+ USER_ADD_TPS_UPPERCASE=$(echo $USER_ADD_TPS | tr [a-z] [A-Z])
+ if [ "$USER_ADD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-add-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_SHOW_TPS_UPPERCASE=$(echo $USER_SHOW_TPS | tr [a-z] [A-Z])
+ if [ "$USER_SHOW_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-show-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MOD_TPS_UPPERCASE=$(echo $USER_MOD_TPS | tr [a-z] [A-Z])
+ if [ "$USER_MOD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-mod-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-mod-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_DEL_TPS_UPPERCASE=$(echo $USER_DEL_TPS | tr [a-z] [A-Z])
+ if [ "$USER_DEL_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-del-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_FIND_TPS_UPPERCASE=$(echo $USER_FIND_TPS | tr [a-z] [A-Z])
+ if [ "$USER_FIND_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-find-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_ADD_TPS_UPPERCASE=$(echo $USER_MEMBERSHIP_ADD_TPS | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_ADD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-add-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_FIND_TPS_UPPERCASE=$(echo $USER_MEMBERSHIP_FIND_TPS | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_FIND_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-find-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_MEMBERSHIP_DEL_TPS_UPPERCASE=$(echo $USER_MEMBERSHIP_DEL_TPS | tr [a-z] [A-Z])
+ if [ "$USER_MEMBERSHIP_DEL_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-membership-del-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-membership-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_ADD_TPS_UPPERCASE=$(echo $USER_CERT_ADD_TPS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_ADD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-add-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_FIND_TPS_UPPERCASE=$(echo $USER_CERT_FIND_TPS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_FIND_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-find-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_SHOW_TPS_UPPERCASE=$(echo $USER_CERT_SHOW_TPS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_SHOW_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-show-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
+ USER_CERT_DEL_TPS_UPPERCASE=$(echo $USER_CERT_DEL_TPS | tr [a-z] [A-Z])
+ if [ "$USER_CERT_DEL_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki user-cert-del-tps tests
+ subsystemId=$TPS_INST
+ subsystemType=tps
+ caId=$CA_INST
+ run_pki-user-cli-user-cert-delete-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER
+ fi
######## PKI CA_USER TESTS ############
PKI_CA_USER_UPPERCASE=$(echo $PKI_CA_USER | tr [a-z] [A-Z])
if [ "$PKI_CA_USER_UPPERCASE" = "TRUE" ] ; then
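Review bot: Each added call, for example `run_pki-user-cli-user-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER`, passes its arguments unquoted, so if `$OCSP_INST`, `$TKS_INST` or `$TPS_INST` is unset or empty the first argument disappears and the others shift left. The test scripts added in this commit build variable names from the subsystem id with `eval echo \$${subsystemId}_UNSECURE_PORT`. A shifted value would therefore be evaluated as part of a variable name and the suite would run against an empty or wrong port; this presumably happens via the first argument, but the functions' argument handling is not in this hunk. Quoting keeps the positions fixed, `run_pki-user-cli-user-add-ocsp_tests "$subsystemId" "$subsystemType" "$MYROLE" "$caId" "$MASTER"`, and a guard such as `[ -n "$OCSP_INST" ]` before each group would report the missing setting directly. The same applies to the KRA calls added in the two earlier hunks of this file.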