diff options
| author | Roshni Pattath <rpattath@redhat.com> | 2015-02-02 11:30:38 -0500 |
|---|---|---|
| committer | Roshni Pattath <rpattath@redhat.com> | 2015-02-02 11:31:47 -0500 |
| commit | 6d46be4ebf4cbbe3114f3b39394f4e8ac2d701ad (patch) | |
| tree | a3d35460e55f069bb553fde64b99752c086a2a68 /tests | |
| parent | ffdea31833332a5ed853700fac2186bfa37638a7 (diff) | |
| download | pki-6d46be4ebf4cbbe3114f3b39394f4e8ac2d701ad.tar.gz pki-6d46be4ebf4cbbe3114f3b39394f4e8ac2d701ad.tar.xz pki-6d46be4ebf4cbbe3114f3b39394f4e8ac2d701ad.zip | |
Subca legacy tests
Related changes to Makefile, runtest, rhcs-shared and create role users
Diffstat (limited to 'tests')
11 files changed, 2616 insertions, 122 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index 0e55f4bf3..d7f4faed3 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile @@ -250,19 +250,25 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/legacy/ca-tests/acls/ca-admin-acl.sh chmod a+x ./acceptance/legacy/ca-tests/internaldb/ca-admin-internaldb.sh chmod a+x ./acceptance/legacy/ca-tests/authplugin/ca-admin-authplugins.sh + chmod a+x ./acceptance/legacy/ca-tests/logs/ca-ad-logs.sh + chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh + chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-requests.sh + chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-retrieval.sh chmod a+x ./acceptance/legacy/ca-tests/crlissuingpoint/ca-admin-crlissuingpoints.sh chmod a+x ./acceptance/legacy/ca-tests/crls/ca-agent-crls.sh chmod a+x ./acceptance/legacy/ca-tests/publishing/ca-admin-publishing.sh - chmod a+x ./acceptance/legacy/ca-tests/ocsp/ca-ee-ocsp.sh - chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-retrieval.sh - chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh - chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-requests.sh chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-certificates.sh - chmod a+x ./acceptance/legacy/ca-tests/logs/ca-ad-logs.sh + chmod a+x ./acceptance/legacy/ca-tests/ocsp/ca-ee-ocsp.sh chmod a+x ./acceptance/legacy/drm-tests/acls/drm-ad-acls.sh chmod a+x ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh chmod a+x ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh - chmod a+x ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh + chmod a+x ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh + chmod a+x ./acceptance/legacy/subca-tests/acls/subca-ad-acls.sh + chmod a+x ./acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh + chmod a+x ./acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh + chmod a+x ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh + chmod a+x ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh + chmod a+x ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh # bug verifications chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh @@ -273,11 +279,6 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1133718.sh chmod a+x ./acceptance/bugzilla/jss-bugs/bug-1040640.sh chmod a+x ./acceptance/bugzilla/pki-core-bugs/bug-790924.sh - #installer tests - chmod a+x ./acceptance/install-tests/ca-installer.sh - chmod a+x ./acceptance/install-tests/kra-installer.sh - chmod a+x ./acceptance/install-tests/ocsp-installer.sh - chmod a+x ./acceptance/install-tests/tks-installer.sh clean: rm -f *~ $(BUILT_FILES) diff --git a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh index b1ff3d2f3..dd581b960 100644..100755 --- a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh @@ -209,7 +209,13 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi if [ $userid == $(eval echo \$${subsystemId}_adminV_user) -o $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_adminE_user) -o $userid == $(eval echo \$${subsystemId}_agentV_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) -o $userid == $(eval echo \$${subsystemId}_agentE_user) -o $userid == $(eval echo \$${subsystemId}_auditV_user) -o $userid == $(eval echo \$${subsystemId}_operatorV_user) ]; then if [ "$MYROLE" = "MASTER" ]; then get_topo_stack MASTER $TmpDir/topo_file - MYCAHOST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + if [ $subsystemId = "SUBCA1" ]; then + MYCAHOST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $subsystemId = "CLONE_CA1" ]; then + MYCAHOST=$(cat $TmpDir/topo_file | grep MY_CLONE_CA | cut -d= -f2) + else + MYCAHOST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi else MYCAHOST=$MYROLE fi @@ -305,10 +311,18 @@ export ${subsystemId}_adminV_user ${subsystemId}_adminR_user ${subsystemId}_admi elif [ $userid == $(eval echo \$${subsystemId}_adminE_user) -o $userid == $(eval echo \$${subsystemId}_agentE_user) ]; then #=======Expired cert waiting on response to --output ticket https://fedorahosted.org/pki/ticket/674 =======# if [ "$MYROLE" = "MASTER" ]; then - MYHOSTCA=ROOTCA - else - MYHOSTCA=$MYROLE - fi + get_topo_stack MASTER $TmpDir/topo_file + if [ $subsystemId = "SUBCA1" ]; then + MYHOSTCA=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $subsystemId = "CLONE_CA1" ]; then + MYHOSTCA=$(cat $TmpDir/topo_file | grep MY_CLONE_CA | cut -d= -f2) + else + MYHOSTCA=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + else + MYHOSTCA=$MYROLE + fi + local profile_file="/var/lib/pki/$(eval echo \$${MYHOSTCA}_TOMCAT_INSTANCE_NAME)/ca/profiles/ca/caUserCert.cfg" default_days="policyset.userCertSet.2.default.params.range=180" change_days="policyset.userCertSet.2.default.params.range=1" diff --git a/tests/dogtag/acceptance/legacy/ca-tests/crlissuingpoint/ca-admin-crlissuingpoints.sh b/tests/dogtag/acceptance/legacy/ca-tests/crlissuingpoint/ca-admin-crlissuingpoints.sh index aae21587f..812a30a42 100755 --- a/tests/dogtag/acceptance/legacy/ca-tests/crlissuingpoint/ca-admin-crlissuingpoints.sh +++ b/tests/dogtag/acceptance/legacy/ca-tests/crlissuingpoint/ca-admin-crlissuingpoints.sh @@ -292,6 +292,7 @@ run_admin-ca-crlissuingpoints_tests() rlAssertGrep "InvalidityDate=InvalidityDate:visible:enabled" "$admin_out" rlAssertGrep "IssuerAlternativeName=IssuerAlternativeName:visible:disabled" "$admin_out" rlAssertGrep "IssuingDistributionPoint=IssuingDistributionPoint:visible:disabled" "$admin_out" + rlLog "https://fedorahosted.org/pki/ticket/1189" rlPhaseEnd @@ -316,7 +317,6 @@ run_admin-ca-crlissuingpoints_tests() rlRun "process_curl_output $admin_out" 0 "Process curl output file" rlAssertGrep "HTTP/1.1 200 OK" "$header_011" rlAssertGrep "CRLReason=CRLReason:visible:$crl_reason_status" "$admin_out" - rlLog "https://fedorahosted.org/pki/ticket/1189" rlPhaseEnd rlPhaseStartTest "pki_console_edit_delta_crl_extension-012:CA - Admin Interface - Edit delta crl extension" diff --git a/tests/dogtag/acceptance/legacy/subca-tests/acls/subca-ad-acls.sh b/tests/dogtag/acceptance/legacy/subca-tests/acls/subca-ad-acls.sh new file mode 100755 index 000000000..dc09f0a1f --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/acls/subca-ad-acls.sh @@ -0,0 +1,103 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca-tests/acls/subca-ad-acls.sh +# Description: SUBCA ACL tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-subca-acl_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for ca-admin-acl tests + rlPhaseStartSetup "pki_console_acl Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local tmp_ca_admin=$SUBCA_INST\_adminV + local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_admin_cert=$SUBCA_INST\_adminV + local admin_out="$TmpDir/admin_out_acls" + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + + + rlPhaseStartTest "pki_console_acl-001:SUBCA - Admin Interface - list all ACLs" + header_001="$TmpDir/subca_acl_001.txt" + rlLog "List all ACLs" + local acls=(certServer.ca certServer.securitydomain certServer.log certServer.acl certServer.general certServer.ee certServer.ra certServer.admin certServer.ocsp certServer.auth certServer.clone certServer.policy certServer.publisher certServer.registry certServer.profile) + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_001 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=acls&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/acl >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_001 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=acls&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/acl >> $admin_out" 0 "List all ACLs" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_001" + for i in ${acls[@]}; do + rlAssertGrep "$i" "$admin_out" + done + rlPhaseEnd + + rlPhaseStartSetup "pki_console_acl-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} + +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file +} diff --git a/tests/dogtag/acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh b/tests/dogtag/acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh new file mode 100755 index 000000000..723081415 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh @@ -0,0 +1,402 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca_tests/subca-ad-authplugins.sh +# Description: SUBCA Admin Auth Plugin tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-subca-authplugin_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for ca-admin-acl tests + rlPhaseStartSetup "pki_console_authplugin Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local tmp_ca_admin=$SUBCA_INST\_adminV + local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_admin_cert=$SUBCA_INST\_adminV + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + + rlPhaseStartTest "pki_console_authplugin-001:SUBCA - Admin Interface - list all auth plugin" + header_001="$TmpDir/subca_auth_001.txt" + rlLog "List all auth plugins" + local authlist=(raCertAuth AgentCertAuth SSLclientCertAuth flatFileAuth TokenAuth challengeAuthMgr certUserDBAuthMgr CMCAuth sslClientCertAuthMgr passwdUserDBAuthMgr) + admin_out="$TmpDir/admin_out_listauthplugin" + rlLog "curl --capath "$CERTDB_DIR" \ + --dump-header $header_001 \ + --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" \ + --dump-header $header_001 \ + --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_001" + for i in ${authlist[@]}; do + rlAssertGrep "$i" "$admin_out" + done + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-002:SUBCA - Admin Interface - view auth plugin" + local plugin_id="AgentCertAuth" + header_002="$TmpDir/subca_auth_002.txt" + admin_out="$TmpDir/admin_out_viewauthplugin" + rlLog "View auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_002 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_002 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "View auth plugin $plugin_id" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_002" + rlAssertGrep "implName=AgentCertAuth" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-003:SUBCA - Admin Interface - Add agentcertauth auth plugin" + local plugin_id="plug$RANDOM" + header_003="$TmpDir/ca_auth_003.txt" + admin_out="$TmpDir/admin_out_addagentcertplug" + rlLog "Add auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_003 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=AgentCertAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_003 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=AgentCertAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Add auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_003" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_003 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_003" + rlAssertGrep "$plugin_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-004:SUBCA - Admin Interface - Add cmccertauth plugin" + local plugin_id="plug$RANDOM" + header_004="$TmpDir/subca_auth_004.txt" + admin_out="$TmpDir/admin_out_addcmccertauth" + rlLog "Add auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_004 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=CMCAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_004 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=CMCAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Add cmccert auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_004" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_004 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_004" + rlAssertGrep "$plugin_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-005:SUBCA - Admin Interface - Add uidpwddirauth plugin" + header_005="$TmpDir/ca_auth_005.txt" + local plugin_id="plug$RANDOM" + local OP_TYPE="OP_ADD" + local LDAP_HOST=`hostname` + local LDAP_DN_PATTERN="UID=test,OU=people,O=netscapecertificateserver" + local LDAP_STR_ATTR="mail" + local LDAP_MAX_CONNS="10" + local LDAP_MIN_CONNS="2" + local LDAP_SEC_CONN="false" + local LDAP_BYTE_ATTR="mail" + admin_out="$TmpDir/admin_out_adduidpwddirauth" + rlLog "Add uidpwddirauth auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Add uidpwddirauth auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlAssertGrep "$plugin_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-006:SUBCA - Admin Interface - edit uidpwddirauth plugin" + local OP_TYPE="OP_MODIFY" + header_006="$TmpDir/subca_auth_006.txt" + local LDAP_BYTE_ATTR="uid" + admin_out="$TmpDir/admin_out_edituidpwddirauth" + rlLog "Add auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Edit uidpwddirauth auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Verify uidpwddirauth auth plugin $plugin_id modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlAssertGrep "ldapByteAttributes=$LDAP_BYTE_ATTR" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-007:SUBCA - Admin Interface - Add uidpwdpindirauth plugin" + header_007="$TmpDir/subca_auth_007.txt" + local plugin_id="plug$RANDOM" + local OP_TYPE="OP_ADD" + local LDAP_BYTE_ATTR="mail" + local LDAP_PIN_ATTR="pin" + admin_out="$TmpDir/admin_out_adduidpwdpinddirauth" + rlLog "Add uidpwdpindirauth auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdPinDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&pinAttr=$LDAP_PIN_ATTR&ldap.ldapauth.clientCertNickname=&ldap.ldapauth.bindDN=$LDAP_ROOTDN&removePin=false&ldap.ldapauth.authtype=BasicAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdPinDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&pinAttr=$LDAP_PIN_ATTR&ldap.ldapauth.clientCertNickname=&ldap.ldapauth.bindDN=$LDAP_ROOTDN&removePin=false&ldap.ldapauth.authtype=BasicAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Add uidpwdpindirauth auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlAssertGrep "$plugin_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-008:SUBCA - Admin Interface - edit uidpwdpindirauth plugin" + header_008="$TmpDir/subca_auth_008.txt" + local OP_TYPE="OP_MODIFY" + local LDAP_BYTE_ATTR="uid" + admin_out="$TmpDir/admin_out_edituidpwdpindirauth" + rlLog "Add auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdPinDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&pinAttr=$LDAP_PIN_ATTR&ldap.ldapauth.clientCertNickname=&ldap.ldapauth.bindDN=$LDAP_ROOTDN&removePin=false&ldap.ldapauth.authtype=BasicAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdPinDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&pinAttr=$LDAP_PIN_ATTR&ldap.ldapauth.clientCertNickname=&ldap.ldapauth.bindDN=$LDAP_ROOTDN&removePin=false&ldap.ldapauth.authtype=BasicAuth&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Edit uidpwdpindirauth auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_008" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Verify UidPwdPinDirAuth auth plugin $plugin_id modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_008" + rlAssertGrep "ldapByteAttributes=$LDAP_BYTE_ATTR" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-009:SUBCA - Admin Interface - Add udnpwddirauth plugin" + local plugin_id="plug$RANDOM" + header_009="$TmpDir/subca_auth_009.txt" + local OP_TYPE="OP_ADD" + local LDAP_BYTE_ATTR="mail" + admin_out="$TmpDir/admin_out_addudnpwddirauth" + rlLog "Add udnpwddirauth auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UdnPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UdnPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Add udnpwddirauth auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlAssertGrep "$plugin_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-010:SUBCA - Admin Interface - Edit udnpwddirauth plugin" + header_010="$TmpDir/subca_auth_010.txt" + local OP_TYPE="OP_MODIFY" + local LDAP_BYTE_ATTR="uid" + admin_out="$TmpDir/admin_out_editudnpwddirauth" + rlLog "Edit udnpwddirauth auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" \ + --dump-header $header_010 \ + --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UdnPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" \ + --dump-header $header_010 \ + --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UdnPwdDirAuth&RULENAME=$plugin_id&ldap.ldapconn.host=$LDAP_HOST&dnpattern=$LDAP_DN_PATTERN&ldapStringAttributes=$LDAP_STR_ATTR&ldap.ldapconn.version=3&ldap.ldapconn.port=$ROOTCA_LDAP_PORT&ldap.maxConns=$LDAP_MAX_CONNS&ldap.basedn=$ROOTCA_DB_SUFFIX&ldap.minConns=$LDAP_MIN_CONNS&ldap.ldapconn.secureConn=$LDAP_SEC_CONN&ldapByteAttributes=$LDAP_BYTE_ATTR&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Edit udnpwddirauth auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_010" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_010 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_010 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Verify UdnPwdDirAuth auth plugin $plugin_id modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_010" + rlAssertGrep "ldapByteAttributes=$LDAP_BYTE_ATTR" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_authplugin-011:SUBCA - Admin Interface - Delete auth plugin" + local OP_TYPE="OP_DELETE" + header_011="$TmpDir/subca_auth_011.txt" + admin_out="$TmpDir/admin_out_deleteauthplugin" + rlLog "Delete auth plugin $plugin_id" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=$OP_TYPE&OP_SCOPE=instance&RS_ID=$plugin_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "Delete auth plugin $plugin_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_011" + rlLog "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=instance&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/auths >> $admin_out" 0 "List all auth plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_011" + rlAssertNotGrep "$plugin_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartSetup "pki_console_acl-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} + +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file +} diff --git a/tests/dogtag/acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh b/tests/dogtag/acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh new file mode 100755 index 000000000..786fb22ca --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh @@ -0,0 +1,525 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh +# Description: SUBCA Admin CRL Issuing Point tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-subca-crlissuingpoints_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for ca-admin-crlissuingpoint tests + rlPhaseStartSetup "pki_console_internaldb Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local tmp_ca_admin=$SUBCA_INST\_adminV + local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_admin_cert=$SUBCA_INST\_adminV + local crl_ip_id="crl02" + local crl_ip_desc="testdescription" + local crl_ip_enable="true" + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + + rlPhaseStartTest "pki_console_add_crl_issuing_point-001:SUBCA - Admin Interface - add crl issuing point" + local admin_out="$TmpDir/admin_out_addcrlip" + header_001="$TmpDir/subca_cip_001.txt" + rlLog "Add crl issuing point" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_001 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=crlIPs&RS_ID=$crl_ip_id&id=$crl_ip_id&description=$crl_ip_desc&enable=$crl_ip_enable&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin > $admin_out" 0 "Add crl issuing point" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_001" + rlAssertGrep "id=$crl_ip_id" "$admin_out" + rlAssertGrep "description=$crl_ip_desc" "$admin_out" + rlAssertGrep "enable=$crl_ip_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_crl_issuing_point-002:SUBCA - Admin Interface - edit crl issuing point" + local admin_out="$TmpDir/admin_out_edit_crlip" + header_002="$TmpDir/subca_cip_002.txt" + crl_ip_desc="testdescriptionmodified" + rlLog "Edit crl issuing point" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_002 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlIPs&RS_ID=$crl_ip_id&id=$crl_ip_id&description=$crl_ip_desc&enable=$crl_ip_enable&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit crl issuing point" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_002" + rlAssertGrep "id=$crl_ip_id" "$admin_out" + rlAssertGrep "description=$crl_ip_desc" "$admin_out" + rlAssertGrep "enable=$crl_ip_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_list_all_crl_issuing_point-003:SUBCA - Admin Interface - List all crl issuing point" + local admin_out="$TmpDir/admin_out_list_crlip" + header_003="$TmpDir/subca_cip_003.txt" + rlLog "List all crl issuing point" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_003 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=crlIPs&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "List crl issuing points" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_003" + rlAssertGrep "$crl_ip_id=$crl_ip_desc" "$admin_out" + rlAssertGrep "$crl_ip_id.enable=$crl_ip_enable" "$admin_out" + rlAssertGrep "MasterCRL" "$admin_out" + rlAssertGrep "MasterCRL.enable=true" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_crl_update_info-004:SUBCA - Admin Interface - Read CRL update info" + local admin_out="$TmpDir/admin_out_read_crl_update_info" + header_004="$TmpDir/subca_cip_004.txt" + rlLog "Read CRL update info" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_004 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crl&RS_ID=$crl_ip_id&enableCRLUpdates=&updateSchema=&extendedNextUpdate=&alwaysUpdate=&enableDailyUpdates=&dailyUpdates=&enableUpdateInterval=&autoUpdateInterval=&nextUpdateGracePeriod=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Read CRL Update info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_004" + rlAssertGrep "enableCRLUpdates=true" "$admin_out" + rlAssertGrep "updateSchema=1" "$admin_out" + rlAssertGrep "extendedNextUpdate=true" "$admin_out" + rlAssertGrep "alwaysUpdate=false" "$admin_out" + rlAssertGrep "enableDailyUpdates=false" "$admin_out" + rlAssertGrep "dailyUpdates=3:45" "$admin_out" + rlAssertGrep "enableUpdateInterval=true" "$admin_out" + rlAssertGrep "autoUpdateInterval=240" "$admin_out" + rlAssertGrep "nextUpdateGracePeriod=0" "$admin_out" + rlAssertGrep "defaultSigningAlgorithm=SHA512withRSA" "$admin_out" + rlAssertGrep "allSigningAlgorithms=SHA1withRSA:SHA256withRSA:SHA512withRSA:MD5withRSA:MD2withRSA" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_crl_cache_info-005:SUBCA - Admin Interface - Read CRL cache info" + header_005="$TmpDir/subca_cip_005.txt" + local admin_out="$TmpDir/admin_out_read_crl_cache_info" + rlLog "Read CRL cache info" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crl&RS_ID=$crl_ip_id&enableCRLCache=&cacheUpdateInterval=&enableCacheRecovery=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Read CRL Cache info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlAssertGrep "enableCRLCache=true" "$admin_out" + rlAssertGrep "cacheUpdateInterval=15" "$admin_out" + rlAssertGrep "enableCacheRecovery=true" "$admin_out" + rlAssertGrep "defaultSigningAlgorithm=SHA512withRSA" "$admin_out" + rlAssertGrep "allSigningAlgorithms=SHA1withRSA:SHA256withRSA:SHA512withRSA:MD5withRSA:MD2withRSA" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_crl_format_info-006:SUBCA - Admin Interface - Read CRL format info" + header_006="$TmpDir/subca_cip_006.txt" + local admin_out="$TmpDir/admin_out_read_crl_format_info" + rlLog "Read CRL format info" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crl&RS_ID=$crl_ip_id&allowExtensions=&signingAlgorithm=&includeExpiredCerts=&caCertsOnly=&profileCertsOnly=&profileList=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Read CRL format info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlAssertGrep "allowExtensions=true" "$admin_out" + rlAssertGrep "signingAlgorithm=SHA256withRSA" "$admin_out" + rlAssertGrep "includeExpiredCerts=false" "$admin_out" + rlAssertGrep "caCertsOnly=false" "$admin_out" + rlAssertGrep "profileCertsOnly=" "$admin_out" + rlAssertGrep "profileList=" "$admin_out" + rlAssertGrep "defaultSigningAlgorithm=SHA512withRSA" "$admin_out" + rlAssertGrep "allSigningAlgorithms=SHA1withRSA:SHA256withRSA:SHA512withRSA:MD5withRSA:MD2withRSA" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_crl_update_info-007:SUBCA - Admin Interface - Edit CRL update info" + header_007="$TmpDir/subca_cip_007.txt" + local admin_out="$TmpDir/admin_out_edit_crl_update_info" + enable_crl_update="true" + update_schema="1" + extended_next_update="true" + always_update="false" + enable_daily_updates="false" + daily_update_time="3:45" + enable_update_interval="true" + auto_update_interval="240" + next_update_grace_period="1" + rlLog "Edit CRL update info" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crl&RS_ID=$crl_ip_id&enableCRLUpdates=$enable_crl_update&updateSchema=$update_schema&extendedNextUpdate=$extended_next_update&alwaysUpdate=$always_update&enableDailyUpdates=$enable_daily_updates&dailyUpdates=$daily_update_time&enableUpdateInterval=$enable_update_interval&autoUpdateInterval=$auto_update_interval&nextUpdateGracePeriod=$next_update_grace_period&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit CRL Update info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crl&RS_ID=$crl_ip_id&enableCRLUpdates=&updateSchema=&extendedNextUpdate=&alwaysUpdate=&enableDailyUpdates=&dailyUpdates=&enableUpdateInterval=&autoUpdateInterval=&nextUpdateGracePeriod=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Read CRL Update info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlAssertGrep "enableCRLUpdates=$enable_crl_update" "$admin_out" + rlAssertGrep "updateSchema=$update_schema" "$admin_out" + rlAssertGrep "extendedNextUpdate=$extended_next_update" "$admin_out" + rlAssertGrep "alwaysUpdate=$always_update" "$admin_out" + rlAssertGrep "enableDailyUpdates=$enable_daily_updates" "$admin_out" + rlAssertGrep "dailyUpdates=$daily_update_time" "$admin_out" + rlAssertGrep "enableUpdateInterval=$enable_update_interval" "$admin_out" + rlAssertGrep "autoUpdateInterval=$auto_update_interval" "$admin_out" + rlAssertGrep "nextUpdateGracePeriod=$next_update_grace_period" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_crl_cache_info-008:SUBCA - Admin Interface - Edit CRL cache info" + header_008="$TmpDir/subca_cip_008.txt" + local admin_out="$TmpDir/admin_out_edit_crl_cache_info" + enable_crl_cache="true" + cache_update_interval="15" + enable_cache_recovery="true" + rlLog "Edit CRL cache info" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crl&RS_ID=$crl_ip_id&enableCRLCache=$enable_crl_cache&cacheUpdateInterval=$cache_update_interval&enableCacheRecovery=$enable_cache_recovery&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit CRL Cache info" + rlAssertGrep "HTTP/1.1 200 OK" "$header_008" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crl&RS_ID=$crl_ip_id&enableCRLCache=&cacheUpdateInterval=&enableCacheRecovery=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Read CRL Cache info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_008" + rlAssertGrep "enableCRLCache=$enable_crl_cache" "$admin_out" + rlAssertGrep "cacheUpdateInterval=$cache_update_interval" "$admin_out" + rlAssertGrep "enableCacheRecovery=$enable_cache_recovery" "$admin_out" + rlAssertGrep "defaultSigningAlgorithm=SHA512withRSA" "$admin_out" + rlAssertGrep "allSigningAlgorithms=SHA1withRSA:SHA256withRSA:SHA512withRSA:MD5withRSA:MD2withRSA" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_crl_format_info-009:SUBCA - Admin Interface - Edit CRL format info" + header_009="$TmpDir/subca_cip_009.txt" + local admin_out="$TmpDir/admin_out_edit_crl_format_info" + allow_extensions="true" + include_expired_certs="false" + ca_certs_only="false" + profile_certs_only="true" + profile_list="caUserCert" + signing_algorithm="SHA256withRSA" + rlLog "Edit CRL format info" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crl&RS_ID=$crl_ip_id&allowExtensions=$allow_extensions&signingAlgorithm=$signing_algorithm&includeExpiredCerts=$include_expired_certs&caCertsOnly=$ca_certs_only&profileCertsOnly=$profile_certs_only&profileList=$profile_list&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit CRL Format info" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crl&RS_ID=$crl_ip_id&allowExtensions=&signingAlgorithm=&includeExpiredCerts=&caCertsOnly=&profileCertsOnly=&profileList=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Read CRL format info" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlAssertGrep "allowExtensions=$allow_extensions" "$admin_out" + rlAssertGrep "signingAlgorithm=$signing_algorithm" "$admin_out" + rlAssertGrep "includeExpiredCerts=$include_expired_certs" "$admin_out" + rlAssertGrep "caCertsOnly=$ca_certs_only" "$admin_out" + rlAssertGrep "profileCertsOnly=$profile_certs_only" "$admin_out" + rlAssertGrep "profileList=$profile_list" "$admin_out" + rlAssertGrep "defaultSigningAlgorithm=SHA512withRSA" "$admin_out" + rlAssertGrep "allSigningAlgorithms=SHA1withRSA:SHA256withRSA:SHA512withRSA:MD5withRSA:MD2withRSA" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_list_all_crl_extensions-010:SUBCA - Admin Interface - List all crl extensions" + header_010="$TmpDir/subca_cip_010.txt" + local admin_out="$TmpDir/admin_out_list_crl_extension" + rlLog "List all crl extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_010 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=crlExtsRules&RS_ID=$crl_ip_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "List all crl extensions" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_010" + rlAssertGrep "AuthorityInformationAccess=AuthorityInformationAccess:visible:disabled" "$admin_out" + rlAssertGrep "AuthorityKeyIdentifier=AuthorityKeyIdentifier:visible:enabled" "$admin_out" + rlAssertGrep "CRLNumber=CRLNumber:visible:enabled" "$admin_out" + rlAssertGrep "CRLReason=CRLReason:visible:enabled" "$admin_out" + rlAssertGrep "DeltaCRLIndicator=DeltaCRLIndicator:visible:disabled" "$admin_out" + rlAssertGrep "FreshestCRL=FreshestCRL:visible:disabled" "$admin_out" + rlAssertGrep "InvalidityDate=InvalidityDate:visible:enabled" "$admin_out" + rlAssertGrep "IssuerAlternativeName=IssuerAlternativeName:visible:disabled" "$admin_out" + rlAssertGrep "IssuingDistributionPoint=IssuingDistributionPoint:visible:disabled" "$admin_out" + rlLog "https://fedorahosted.org/pki/ticket/1189" + rlPhaseEnd + + + rlPhaseStartTest "pki_console_edit_crl_reason_extension-011:SUBCA - Admin Interface - Edit crl reason extension" + header_011="$TmpDir/subca_cip_011.txt" + local admin_out="$TmpDir/admin_out_edit_crl_reason_extension" + crl_reason_enable="true" + crl_reason_status="enabled" + crl_reason_critical="false" + rlLog "Edit crl reason extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=CRLReason&id=$crl_ip_id&implName=CMSCRLReasonExtension&enable=$crl_reason_enable&critical=$crl_reason_critical&RULENAME=CRLReason&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit crl reason extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_011" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=crlExtsRules&RS_ID=$crl_ip_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "List all crl extensions" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_011" + rlAssertGrep "CRLReason=CRLReason:visible:$crl_reason_status" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_delta_crl_extension-012:SUBCA - Admin Interface - Edit delta crl extension" + header_012="$TmpDir/subca_cip_012.txt" + local admin_out="$TmpDir/admin_out_edit_delta_crl_extension" + delta_crl_enable="true" + delta_crl_critical="false" + rlLog "Edit delta crl extension" + rlRun "curl --capath "$CERTDB_DIR" \ + --dump-header $header_012 \ + --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=DeltaCRLIndicator&id=$crl_ip_id&implName=CMSDeltaCRLIndicatorExtension&enable=$delta_crl_enable&critical=$delta_crl_critical&RULENAME=DeltaCRLIndicator&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit delta crl extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_012 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=DeltaCRLIndicator&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlAssertGrep "enable=$delta_crl_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_issuer_alternative_name_extension-013:SUBCA - Admin Interface - Edit issuer alternative name extension" + header_013="$TmpDir/subca_cip_013.txt" + local admin_out="$TmpDir/admin_out_edit_issuer_alternative_name_extension" + ian_enable="true" + ian_critical="false" + ian_name="http://www.redhat.com" + ian_name_type="URI" + rlLog "Edit Issuer Alternative Name extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_013 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=IssuerAlternativeName&implName=CMSIssuerAlternativeNameExtension&id=$crl_ip_id&enable=$ian_enable&critical=$ian_critical&RULENAME=IssuerAlternativeName&numNames=1&name0=$ian_name&nameType0=$ian_name_type&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit Issuer Alternative name extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_013 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=IssuerAlternativeName&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlAssertGrep "enable=$ian_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_invalidity_date_extension-014:SUBCA - Admin Interface - Edit invalidity date extension" + header_014="$TmpDir/subca_cip_014.txt" + local admin_out="$TmpDir/admin_out_edit_invalidity_date_extension" + inv_date_enable="true" + inv_date_critical="false" + rlLog "Edit invalidity date extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_014 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=InvalidityDate&implName=CMSInvalidityDateExtension&id=$crl_ip_id&enable=$inv_date_enable&critical=$inv_date_critical&RULENAME=InvalidityDate&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit Invalidity Date extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_014" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_014 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=InvalidityDate&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_014" + rlAssertGrep "enable=$inv_date_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_authority_key_identifier_extension-015:SUBCA - Admin Interface - Edit authority key identifier extension" + header_015="$TmpDir/subca_cip_015.txt" + local admin_out="$TmpDir/admin_out_edit_authority_key_identifier_extension" + aki_enable="true" + aki_critical="false" + rlLog "Edit authority key identifier extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_015 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=AuthorityKeyIdentifier&implName=CMSAuthorityKeyIdentifierExtension&id=$crl_ip_id&enable=$aki_enable&critical=$aki_critical&RULENAME=AuthorityKeyIdentifier&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit Authority Key Identifier extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_015" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_015 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=AuthorityKeyIdentifier&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_015" + rlAssertGrep "enable=$aki_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_freshest_crl_extension-016:SUBCA - Admin Interface - Edit freshest crl extension" + header_016="$TmpDir/subca_cip_016.txt" + local admin_out="$TmpDir/admin_out_edit_freshest_crl_extension" + fcrl_enable="true" + fcrl_critical="false" + fcrl_name="http://www.redhat.com" + fcrl_name_type="URI" + rlLog "Edit freshest crl extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_016 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=FreshestCRL&implName=CMSFreshestCRLExtension&id=$crl_ip_id&enable=$fcrl_enable&critical=$fcrl_critical&RULENAME=FreshestCRL&numPoints=1&point0=$fcrl_name&pointType0=$fcrl_name_type&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit Freshest CRL extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_016" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_016 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=FreshestCRL&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_016" + rlAssertGrep "enable=$fcrl_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_crl_number_extension-017:SUBCA - Admin Interface - Edit CRL number extension" + header_017="$TmpDir/subca_cip_017.txt" + local admin_out="$TmpDir/admin_out_edit_crl_number_extension" + cnum_enable="true" + cnum_critical="false" + rlLog "Edit CRL number extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_017 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=CRLNumber&implName=CMSCRLNumberExtension&id=$crl_ip_id&enable=$cnum_enable&critical=$cnum_critical&RULENAME=CRLNumber&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit CRL Number extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_017" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_017 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=CRLNumber&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_017" + rlAssertGrep "enable=$cnum_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_issuing_distribution_point_extension-018:SUBCA - Admin Interface - Edit Issuing Distribution Point extension" + header_018="$TmpDir/subca_cip_018.txt" + local admin_out="$TmpDir/admin_out_issuing_dp_extension" + idp_enable="true" + idp_critical="false" + idp_point_name="http://www.redhat.com" + idp_point_type="URI" + idp_only_ca_certs="true" + idp_indirect_crl="true" + idp_reasons="keyCompromise\,certificateHold" + idp_only_user_certs="true" + rlLog "Edit Issuing Distribution Point extension" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_018 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=crlExtsRules&RS_ID=IssuingDistributionPoint&implName=CMSIssuingDistributionPointExtension&id=$crl_ip_id&enable=$idp_enable&critical=$idp_critical&RULENAME=IssuingDistributionPoint&pointType=$idp_point_type&onlyContainsCACerts=$idp_only_ca_certs&pointName=$idp_point_name&onlySomeReasons=$idp_reasons&indirectCRL=$idp_indirect_crl&onlyContainsUserCerts=$idp_only_user_certs&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Edit CRL Number extension" + rlAssertGrep "HTTP/1.1 200 OK" "$header_018" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_018 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=crlExtsRules&RS_ID=IssuingDistributionPoint&$crl_ip_id=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Verify Modification" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_018" + rlAssertGrep "enable=$idp_enable" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_delete_crl_issuing_point-019:SUBCA - Admin Interface - delete crl issuing point" + header_019="$TmpDir/subca_cip_019.txt" + local admin_out="$TmpDir/admin_out_deletecrl" + rlLog "Delete crl issuing point" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_019 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=crlIPs&RS_ID=$crl_ip_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "Delete crl issuing point" + rlAssertGrep "HTTP/1.1 200 OK" "$header_019" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_019 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=crlIPs&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $admin_out" 0 "List crl issuing points" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_019" + rlAssertNotGrep "$crl_ip_id" "$admin_out" + rlPhaseEnd + + rlPhaseStartSetup "pki_console_crlip_cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} + +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file +} diff --git a/tests/dogtag/acceptance/legacy/subca-tests/crls/subca-ag-crls.sh b/tests/dogtag/acceptance/legacy/subca-tests/crls/subca-ag-crls.sh new file mode 100755 index 000000000..6a06ec48f --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/crls/subca-ag-crls.sh @@ -0,0 +1,306 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca-tests/crls/subca-ag-crls.sh +# Description: SUBCA Agent CRL tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +. /opt/rhqa_pki/pki-auth-plugin-lib.sh + +run_agent-subca-crls_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for ca-agent-crls tests + rlPhaseStartSetup "pki_console_internaldb Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local tmp_ca_agent=$SUBCA_INST\_agentV + local tmp_ca_admin=$SUBCA_INST\_adminV + local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$SUBCA_INST\_agentV + local valid_admin_cert=$SUBCA_INST\_adminV + local cert_find_info="$TmpDir/cert_find_info" + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local cert_info="$TmpDir/cert_info" + local SSL_DIR=$CERTDB_DIR + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + + rlPhaseStartTest "pki_subca_agent_display_crl_entire_crl-001:SUBCA - Agent Interface - Display Master CRL with entire CRL display type" + local test_out="$TmpDir/admin_out_displaycrl_entireCRL" + header_001="$TmpDir/subca_crls_001.txt" + crl_ip="MasterCRL" + crl_display_type="entireCRL" + rlLog "Display Master CRL with entire CRL display type" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_001 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=$crl_ip&pageStart=1&crlDisplayType=$crl_display_type\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_001" + rlAssertGrep "header.crlIssuingPoint = \"$crl_ip\"" "$test_out" + rlAssertGrep "header.crlDisplayType = \"$crl_display_type\"" "$test_out" + rlAssertGrep "Version:" "$test_out" + rlAssertGrep "Signature Algorithm:" "$test_out" + rlAssertGrep "Issuer:" "$test_out" + rlAssertGrep "Signature:" "$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_agent_display_crl_cached_crl-002:SUBCA - Agent Interface - Display a newly added CRL with cached CRL display type" + local test_out="$TmpDir/admin_out_displaycrl_cachedCRL" + header_002="$TmpDir/subca_crls_002.txt" + crl_ip="testcrl" + crl_display_type="cachedCRL" + rlLog "Add a new CRL issuing point" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_002 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=crlIPs&RS_ID=$crl_ip&id=$crl_ip&description=$crl_ip&enable=true&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin > $test_out" 0 "Add crl issuing point" + rlAssertGrep "HTTP/1.1 200 OK" "$header_002" + rlLog " Display a newly added CRL with cached CRL display type" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_002 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=$crl_ip&pageStart=1&crlDisplayType=$crl_display_type\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_002" + rlAssertGrep "header.crlIssuingPoint = \"$crl_ip\"" "$test_out" + rlAssertGrep "header.crlDisplayType = \"$crl_display_type\"" "$test_out" + rlAssertGrep "Signature Algorithm:" "$test_out" + rlAssertGrep "Issuer:" "$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_agent_display_crl_crl_header-003:SUBCA - Agent Interface - Display a CRL with CRL header display type" + local test_out="$TmpDir/admin_out_displaycrl_CRLHeader" + header_003="$TmpDir/subca_crls_003.txt" + crl_display_type="crlHeader" + rlLog " Display a CRL with CRL Header display type" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_003 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=$crl_ip&pageStart=1&crlDisplayType=$crl_display_type\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_003" + rlAssertGrep "header.crlIssuingPoint = \"$crl_ip\"" "$test_out" + rlAssertGrep "header.crlDisplayType = \"$crl_display_type\"" "$test_out" + rlAssertGrep "Version:" "$test_out" + rlAssertGrep "Signature Algorithm:" "$test_out" + rlAssertGrep "Issuer:" "$test_out" + rlAssertGrep "Signature:" "$test_out" + rlPhaseEnd +4 + rlPhaseStartTest "pki_subca_agent_display_crl_base64-004:SUBCA - Agent Interface - Display a CRL with base64 encoded display type" + local test_out="$TmpDir/admin_out_displaycrl_base64" + header_004="$TmpDir/subca_crls_004.txt" + crl_display_type="base64Encoded" + rlLog " Display a CRL with base64 encoded display type" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_004 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=$crl_ip&pageStart=1&crlDisplayType=$crl_display_type\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_004" + rlAssertGrep "header.crlIssuingPoint = \"$crl_ip\"" "$test_out" + rlAssertGrep "header.crlDisplayType = \"$crl_display_type\"" "$test_out" + rlAssertGrep "BEGIN CERTIFICATE REVOCATION LIST" "$test_out" + rlAssertGrep "END CERTIFICATE REVOCATION LIST" "$test_out" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_agent_update_crl-005:SUBCA - Agent Interface - Update CRL" + local test_out="$TmpDir/admin_out_updatecrl" + header_005="$TmpDir/subca_crls_005.txt" + local waitForUpdate="true" + local signatureAlgorithm="SHA256withRSA" + local crlNumber="1" + local crl_display_type="entireCRL" + rlLog " Display CRL and note the CRL number" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_005 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=$crl_ip&pageStart=1&crlDisplayType=$crl_display_type\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlAssertGrep "header.crlNumber = \"$crlNumber\"" "$test_out" + rlLog "Update CRL" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_005 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"crlIssuingPoint=$crl_ip&waitForUpdate=$waitForUpdate&signatureAlgorithm=$signatureAlgorithm&\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + crlNumber=$((crlNumber + 1)) + rlLog " Display CRL to verify the updated CRL number" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_005 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=$crl_ip&pageStart=1&crlDisplayType=$crl_display_type\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlAssertGrep "header.crlNumber = \"$crlNumber\"" "$test_out" + + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=crlIPs&RS_ID=$crl_ip&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/caadmin >> $test_out" 0 "Delete crl issuing point" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlPhaseEnd + + rlPhaseStartTest "pki_subca_agent_update_ds-006:SUBCA - Agent Interface - Update DS" + local test_out="$TmpDir/admin_out_updateds" + header_006="$TmpDir/ca_crls_006.txt" + local dn_pattern="uid=\$subj.cn,ou=people,$(eval echo \$${SUBCA_INST}_DB_SUFFIX)" + local ldap_host=`hostname` + local ldap_port=$(eval echo \$${SUBCA_INST}_LDAP_PORT) + local ldap_bind=$(eval echo \$${SUBCA_INST}_LDAP_ROOTDN) + local ldap_bind_pwd=$(eval echo \$${SUBCA_INST}_LDAP_ROOTDNPWD) + local ldap_secure="false" + local ldap_prompt="CA LDAP Publishing" + local ldap_authtype="BasicAuth" + rlLog "Edit LDAP ca cert mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RULENAME=LdapCaCertMap&createCAEntry=true&implName=LdapCaSimpleMap&dnPattern=$dn_pattern&RD_ID=LdapCaCertMap&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $test_out" 0 "Edit LdapCaCertMapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlLog "Edit LDAP user cert mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RULENAME=LdapUserCertMap&implName=LdapSimpleMap&dnPattern=$dn_pattern&RD_ID=LdapUserCertMap&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $test_out" 0 "Edit LdapUserCertMapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlLog "Edit LDAP crl mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RULENAME=LdapCrlMap&implName=LdapCaSimpleMap&dnPattern=$dn_pattern&RD_ID=LdapCrlMap&createCAEntry=true&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $test_out" 0 "Edit LdapCrlMapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + + rlLog "Enable Publishing with Basic Auth" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_PROCESS&OP_SCOPE=ldap&RD_ID=RD_ID_CONFIG&publishingEnable=true&enable=true&ldapconn.host=$ldap_host&ldapconn.port=$ldap_port&ldapconn.secureConn=$ldap_secure&ldapauth.bindPWPrompt=$ldap_prompt&ldapauth.bindDN=$ldap_bind&directoryManagerPwd=$ldap_bind_pwd&ldapconn.version=3&ldapauth.authtype=$ldap_authtype&ldapauth.clientCertNickname=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $test_out" 0 "Enable Publishing with Basic Auth" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlLog "Save LDAP auth config" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=ldap&RD_ID=RD_ID_CONFIG&publishingEnable=true&enable=true&ldapconn.host=$ldap_host&ldapconn.port=$ldap_port&ldapconn.secureConn=$ldap_secure&ldapauth.bindPWPrompt=$ldap_prompt&ldapauth.bindDN=$ldap_bind&directoryManagerPwd=$ldap_bind_pwd&ldapconn.version=3&ldapauth.authtype=$ldap_authtype&ldapauth.clientCertNickname=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $test_out" 0 "Save Ldap auth config" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + + rlLog "Generate a user cert and revoke the cert" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Test User\" subject_uid:testuser subject_email:testuser@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$tmp_ca_host protocol: port:$target_unsecure_port cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$valid_agent_cert\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Display CRL" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_006 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=MasterCRL&pageStart=1&crlDisplayType=entireCRL\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlAssertNotGrep "Serial Number: $valid_crmf_serialNumber" "$test_out" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$valid_agent_cert\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $target_unsecure_port \ + cert-revoke $valid_crmf_serialNumber --force" + + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_006 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"expiredTo=&updateCRL=yes&validFrom=&expiredFrom=&validTo=&revokedTo=&revokedFrom=&\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateDir > /tmp/updateds" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlLog "Update CRL" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_006 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"crlIssuingPoint=MasterCRL&signatureAlgorithm=$signatureAlgorithm&\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $header_006 \ + -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \ + -d \"pageSize=50&crlIssuingPoint=MasterCRL&pageStart=1&crlDisplayType=entireCRL\" \ + https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL > $test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + local STRIP_HEX=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL=${STRIP_HEX^^} + valid_serial="0x$CONV_UPP_VAL" + rlAssertGrep "Serial Number: $valid_serial" "$test_out" + rlPhaseEnd + + rlPhaseStartSetup "pki_console_crlip_cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} + +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file +} diff --git a/tests/dogtag/acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh b/tests/dogtag/acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh new file mode 100755 index 000000000..de049d965 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh @@ -0,0 +1,122 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca_tests/internaldb/subca-ad-internaldb.sh +# Description: SUBCA Admin Internal DB tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-subca-intdb_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for ca-admin-internaldb tests + rlPhaseStartSetup "pki_console_internaldb Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local tmp_ca_admin=$SUBCA_INST\_adminV + local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_admin_cert=$SUBCA_INST\_adminV + local admin_out="$TmpDir/admin_out" + local ldap_host=`hostname` + local ldap_port=$(eval echo \$${SUBCA_INST}_LDAP_PORT) + local ldap_bind=$(eval echo \$${SUBCA_INST}_LDAP_ROOTDN) + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + + rlPhaseStartTest "pki_console_list_intdb-001:SUBCA - Admin Interface - list internaldb" + header_001="$TmpDir/subca_intdb_001.txt" + rlLog "List internal db" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_001 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&ldapconn.host=&ldapconn.port=&ldapconn.bindDN=&ldapconn.version=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/server >> $admin_out" 0 "List internal DB" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_001" + rlAssertGrep "ldapconn.host=localhost" "$admin_out" + rlAssertGrep "ldapconn.port=$(eval echo \$${SUBCA_INST}_LDAP_PORT)" "$admin_out" + rlAssertGrep "ldapconn.bindDN=" "$admin_out" + rlAssertGrep "ldapconn.version=" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_intdb-002:SUBCA - Admin Interface - edit internaldb" + rlLog "Edit internal db" + header_002="$TmpDir/subca_intdb_002.txt" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_002 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&ldapconn.host=$ldap_host&ldapconn.port=$ldap_port&ldapconn.bindDN=$ldap_bind&ldapconn.version=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/server" 0 "Edit internal DB" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&ldapconn.host=&ldapconn.port=&ldapconn.bindDN=&ldapconn.version=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/server >> $admin_out" 0 "List internal DB" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_002" + rlAssertGrep "ldapconn.host=$ldap_host" "$admin_out" + rlAssertGrep "ldapconn.port=$ldap_port" "$admin_out" + rlAssertGrep "ldapconn.bindDN=cn\%3DDSManager" "$admin_out" + rlAssertGrep "ldapconn.version=" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&ldapconn.host=localhost&ldapconn.port=$ldap_port&ldapconn.bindDN=&ldapconn.version=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/server" 0 "Edit internal DB" + rlPhaseEnd + + rlPhaseStartSetup "pki_console_internaldb-cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} + +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file +} diff --git a/tests/dogtag/acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh b/tests/dogtag/acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh new file mode 100755 index 000000000..5503eee9e --- /dev/null +++ b/tests/dogtag/acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh @@ -0,0 +1,1024 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca_tests/publishing/subca-ad-publishing.sh +# Description: SUBCA publishing tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +run_admin-subca-publishing_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for ca-admin-internaldb tests + rlPhaseStartSetup "pki_console_internaldb Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + if [ $cs_Role="MASTER" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then + SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + fi + local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT) + local tmp_ca_admin=$SUBCA_INST\_adminV + local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_admin_cert=$SUBCA_INST\_adminV + local ldap_host=`hostname` + local ldap_port=$(eval echo \$${SUBCA_INST}_LDAP_PORT) + local ldap_bind=$(eval echo \$${SUBCA_INST}_LDAP_ROOTDN) + local ldap_bind_pwd=$(eval echo \$${SUBCA_INST}_LDAP_ROOTDNPWD) + local ldap_secure="false" + local ldap_prompt="CA LDAP Publishing" + local ldap_authtype="BasicAuth" + local valid_admin_user=$SUBCA_INST\_adminV + local valid_admin_user_password=$SUBCA_INST\_adminV_password + + rlPhaseStartTest "pki_console_enable_publishing-001:SUBCA - Admin Interface - Enable Publishing" + header_001="$TmpDir/subca_pub_001.txt" + local admin_out="$TmpDir/admin_out_enablepub" + rlLog "Enable Publishing" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_001 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_PROCESS&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&publishingEnable=true&enable=true&ldapconn.host=$ldap_host&ldapconn.port=$ldap_port&ldapConn.secureConn=$ldap_secure&ldapauth.bindPWPrompt=$ldap_prompt&ldapauth.bindDN=$ldap_bind&directoryManagerPwd=$ldap_bind_pwd&ldapconn.version=3&ldapauth.authtype=$ldap_authtype&ldapauth.clientCertNickname=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Enable Publishing" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_001" + rlAssertGrep "Success" "$admin_out" + rlAssertNotGrep "Failure" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_publishing_config-002:SUBCA - Admin Interface - Read Publishing config" + header_002="$TmpDir/subca_pub_002.txt" + local admin_out="$TmpDir/admin_out_readpubconf" + rlLog "Read Publishing Config" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_002 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&publishingEnable=&enable=&ldapconn.host=&ldapconn.port=&ldapConn.secureConn=&ldapauth.bindPWPrompt=&ldapauth.bindDN=&directoryManagerPwd=&ldapconn.version=&ldapauth.authtype=&ldapauth.clientCertNickname=&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read Publishing Config" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_002" + ldapbindpromptout=$(echo $ldap_prompt | tr -d ' ') + rlAssertGrep "ldapconn.host=$ldap_host" "$admin_out" + rlAssertGrep "ldapconn.port=$ldap_port" "$admin_out" + rlAssertGrep "ldapConn.secureConn=$ldap_secure" "$admin_out" + rlAssertGrep "ldapauth.bindPWPrompt=$ldapbindpromptout" "$admin_out" + rlAssertGrep "ldapauth.bindDN=cn%3DDSManager" "$admin_out" + rlAssertGrep "directoryManagerPwd=" "$admin_out" + rlAssertGrep "ldapconn.version=3" "$admin_out" + rlAssertGrep "ldapauth.authtype=$ldap_authtype" "$admin_out" + rlAssertGrep "ldapauth.clientCertNickname=" "$admin_out" + rlAssertGrep "publishingEnable=true" "$admin_out" + rlAssertGrep "enable=true" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_list_all_mappers-003:SUBCA - Admin Interface - List all mappers" + header_003="$TmpDir/subca_pub_003.txt" + local admin_out="$TmpDir/admin_out_listmappers" + rlLog "List all mappers" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_003 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=mapperRules&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "List all mappers" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_003" + rlAssertGrep "LdapCaCertMap=LdapCaSimpleMap:visible" "$admin_out" + rlAssertGrep "LdapUserCertMap=LdapSimpleMap:visible" "$admin_out" + rlAssertGrep "NoMap=NoMap:visible" "$admin_out" + rlAssertGrep "LdapCrlMap=LdapCaSimpleMap:visible" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_list_all_mapper_plugins-004:SUBCA - Admin Interface - List all mapper plugins" + local admin_out="$TmpDir/admin_out_listmapperplugin" + header_004="$TmpDir/subca_pub_004.txt" + rlLog "List all mapper plugin" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_004 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=mapperImpls&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "List all mapper plugins" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_004" + rlAssertGrep "LdapEnhancedMap=com.netscape.cms.publish.mappers.LdapEnhancedMap%2CLdapEnhancedMap" "$admin_out" + rlAssertGrep "LdapSubjAttrMap=com.netscape.cms.publish.mappers.LdapCertSubjMap%2CLdapCertSubjMap" "$admin_out" + rlAssertGrep "NoMap=com.netscape.cms.publish.mappers.NoMap%2CNoMap" "$admin_out" + rlAssertGrep "LdapSimpleMap=com.netscape.cms.publish.mappers.LdapSimpleMap%2CLdapSimpleMap" "$admin_out" + rlAssertGrep "LdapCaSimpleMap=com.netscape.cms.publish.mappers.LdapCaSimpleMap%2CLdapCaSimpleMap" "$admin_out" + rlAssertGrep "LdapDNExactMap=com.netscape.cms.publish.mappers.LdapCertExactMap%2CLdapCertExactMap" "$admin_out" + rlAssertGrep "LdapDNCompsMap=com.netscape.cms.publish.mappers.LdapCertCompsMap%2CLdapCertCompsMap" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_mapper_rule-005:SUBCA - Admin Interface - Read a mapper rule" + local admin_out="$TmpDir/admin_out_readmaprule" + header_005="$TmpDir/subca_pub_005.txt" + searchrule="LdapUserCertMap" + rlLog "Read a mapper rule" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_005 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$searchrule&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_005" + rlAssertGrep "implName=LdapSimpleMap" "$admin_out" + rlAssertGrep "dnPattern=" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_mapper-006:SUBCA - Admin Interface - Add CA ldap mapper" + local admin_out="$TmpDir/admin_out_addmapper" + header_006="$TmpDir/subca_pub_006.txt" + mapper_id="pub07" + dn_pattern="uid=\$req.HTTP_PARAMS.uid,ou=\$subj.ou,o=\$subj.o" + create_v2_ca_entry="false" + create_ca_entry="true" + mapper="LdapCaSimpleMap" + rlLog "Add a ldap mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_006 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=LdapCaSimpleMap&dnPattern=$dn_pattern&CAEntryV2=$create_v2_ca_entry&createCAEntry=$create_ca_entry&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add a ldap mapper" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" \ + --dump-header $header_006 \ + --basic --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_006" + rlAssertGrep "implName=$mapper" "$admin_out" + dnpattern1=$(echo $dn_pattern | sed -e 's/=/%3D/g' -e 's/,/%2C/g' -e 's/$req//g' -e 's/$subj//g') + rlAssertGrep "dnPattern=$dnpattern1" "$admin_out" + rlAssertGrep "createCAEntry=$create_ca_entry" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_ldap_mapper-007:SUBCA - Admin Interface - Edit CA ldap mapper" + local admin_out="$TmpDir/admin_out_editmapper" + header_007="$TmpDir/subca_pub_007.txt" + dn_pattern="uid=\$req.HTTP_PARAMS.uid,ou=\$subj.ou,o=netscapecertificateserver" + rlLog "Edit a ldap mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=LdapCaSimpleMap&dnPattern=$dn_pattern&CAEntryV2=$create_v2_ca_entry&createCAEntry=$create_ca_entry&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Edit a ldap mapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlAssertGrep "netscapecertificateserver" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_007 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete mapper rule $mapper_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_007" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_dn_comps_mapper-008:SUBCA - Admin Interface - Add ldap dn comps mapper" + local admin_out="$TmpDir/admin_out_addldapdncomps" + header_008="$TmpDir/subca_pub_008.txt" + mapper_id="pub09" + filter_comps="mail" + dn_comps="uid" + base_dn="o=redhat-ldapdncompsmap" + mapper="LdapDNCompsMap" + rlLog "Add ldap dn comps mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&filterComps=$filter_comps&dnComps=$dn_comps&baseDN=$base_dn&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap dn comps mapper" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_008" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_008 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_008" + rlAssertGrep "implName=$mapper" "$admin_out" + basedn1=$(echo $base_dn | sed 's/=/%3D/g') + rlAssertGrep "baseDN=$basedn1" "$admin_out" + rlAssertGrep "dnComps=$dn_comps" "$admin_out" + rlAssertGrep "filterComps=$filter_comps" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_ldap_dn_comps_mapper-009:SUBCA - Admin Interface - Edit ldap dn comps mapper" + local admin_out="$TmpDir/admin_out_editldapdncomps" + header_009="$TmpDir/subca_pub_009.txt" + base_dn="o=redhat-ldapdncompsmap-edit" + rlLog "Edit ldap dn comps mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&filterComps=$filter_comps&dnComps=$dn_comps&baseDN=$base_dn&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap dn comps mapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlAssertGrep "redhat-ldapdncompsmap-edit" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_009 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete mapper rule $mapper_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_009" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_dn_exact_mapper-010:SUBCA - Admin Interface - Add ldap dn exact mapper" + local admin_out="$TmpDir/admin_out_addldapdnexact" + header_010="$TmpDir/subca_pub_010.txt" + mapper_id="pub11" + mapper="LdapDNExactMap" + rlLog "Add ldap dn exact mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_010 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap dn exact mapper" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_010" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_010 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_010" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_010 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete mapper rule $mapper_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_010" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_enhanced_mapper-011:SUBCA - Admin Interface - Add ldap enhanced mapper" + local admin_out="$TmpDir/admin_out_addldapenhanced" + header_011="$TmpDir/subca_pub_011.txt" + mapper_id="pub12" + mapper="LdapEnhancedMap" + dn_pattern="uid=\$req.HTTP_PARAMS.uid,ou=\$subj.ou,o=netscapecertificateserver" + attr_pattern="\$req.HTTP_PARAMS.csrRequestorEmail" + attr_num="1" + create_entry="true" + attr_name="mail" + rlLog "Add ldap enhanced mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&dnPattern=$dn_pattern&attrPattern0=$attr_pattern&attrNum=$attr_num&createEntry=$create_entry&attrName0=$attr_name&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap enhanced mapper" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_011" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_011 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_011" + rlAssertGrep "implName=$mapper" "$admin_out" + dnpattern1=$(echo $dn_pattern | sed -e 's/=/%3D/g' -e 's/,/%2C/g' -e 's/$req//g' -e 's/$subj//g') + rlAssertGrep "dnPattern=$dnpattern1" "$admin_out" + rlAssertGrep "createEntry=$create_entry" "$admin_out" + rlAssertGrep "attrNum=$attr_num" "$admin_out" + rlAssertGrep "attrName0=$attr_name" "$admin_out" + attrpattern1=$(echo $attr_pattern | sed 's/$req//g') + rlAssertGrep "attrPattern0=$attrpattern1" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_ldap_enhanced_mapper-012:SUBCA - Admin Interface - Edit ldap enhanced mapper" + local admin_out="$TmpDir/admin_out_editldapenhanced" + header_012="$TmpDir/subca_pub_012.txt" + dn_pattern="uid=\$req.HTTP_PARAMS.uid,ou=\$subj.ou,o=netscapecertificateserver-e" + rlLog "Edit ldap enhanced mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_012 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&dnPattern=$dn_pattern&attrPattern0=$attr_pattern&attrNum=$attr_num&createEntry=$create_entry&attrName0=$attrName&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Edit ldap enhanced mapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_012 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlAssertGrep "netscapecertificateserver-e" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_012 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete mapper rule $mapper_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_012" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_simple_mapper-013:SUBCA - Admin Interface - Add ldap simple mapper" + header_013="$TmpDir/subca_pub_013.txt" + local admin_out="$TmpDir/admin_out_addldapsimple" + mapper_id="pub14" + mapper="LdapSimpleMap" + dn_pattern="uid=\$req.HTTP_PARAMS.uid,ou=\$subj.ou,o=netscapecertificateserver" + rlLog "Add ldap simple mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_013 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&dnPattern=$dn_pattern&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap simple mapper" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_013 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_013" + rlAssertGrep "implName=$mapper" "$admin_out" + dnpattern1=$(echo $dn_pattern | sed -e 's/=/%3D/g' -e 's/,/%2C/g' -e 's/$req//g' -e 's/$subj//g') + rlAssertGrep "dnPattern=$dnpattern1" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_ldap_simple_mapper-014:SUBCA - Admin Interface - Edit ldap simple mapper" + local admin_out="$TmpDir/admin_out_editldapsimple" + header_014="$TmpDir/subca_pub_014.txt" + mapper_id="pub14" + dn_pattern="uid=\$req.HTTP_PARAMS.uid,ou=\$subj.ou,o=netscapecertificateserver-e" + rlLog "Edit ldap simple mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_014 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&dnPattern=$dn_pattern&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Edit ldap simple mapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_014" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_014 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_014" + rlAssertGrep "netscapecertificateserver-e" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_014 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete mapper rule $mapper_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_014" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_subj_attr_mapper-015:SUBCA - Admin Interface - Add ldap subj attr mapper" + local admin_out="$TmpDir/admin_out_addldapsubjattr" + header_015="$TmpDir/subca_pub_015.txt" + mapper_id="pub16" + mapper="LdapSubjAttrMap" + search_base="o=redhat" + cert_subj_name_attr="certSubjectName" + rlLog "Add ldap subj attr mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_015 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&searchBase=$search_base&certSubjNameAttr=$cert_subj_name_attr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap subj attr mapper" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_015" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_015 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_015" + rlAssertGrep "implName=$mapper" "$admin_out" + rlAssertGrep "certSubjNameAttr=$cert_subj_name_attr" "$admin_out" + searchbase1=$(echo $search_base | sed 's/=/%3D/g') + rlAssertGrep "searchBase=$searchbase1" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_ldap_subj_attr_mapper-016:SUBCA - Admin Interface - Edit ldap subj attr mapper" + local admin_out="$TmpDir/admin_out_editldapsubjattr" + header_016="$TmpDir/subca_pub_016.txt" + search_base="o=redhat-subjattr" + rlLog "Edit ldap subj attr mapper" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_016 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&searchBase=$search_base&certSubjNameAttr=$cert_subj_name_attr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Edit ldap subj attr mapper" + rlAssertGrep "HTTP/1.1 200 OK" "$header_016" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_016 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_016" + rlAssertGrep "redhat-subjattr" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_016 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete mapper rule $mapper_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_016" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_no_map-017:SUBCA - Admin Interface - Add ldap no map" + local admin_out="$TmpDir/admin_out_addldapnomap" + header_017="$TmpDir/subca_pub_017.txt" + mapper_id="pub18" + mapper="NoMap" + rlLog "Add ldap no map" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_017 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=mapperRules&RS_ID=$mapper_id&RULENAME=$mapper_id&implName=$mapper&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap no map" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_017" + rlAssertGrep "implName=$mapper" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_ldap_no_map-018:SUBCA - Admin Interface - Read ldap no map" + local admin_out="$TmpDir/admin_out_readldapnomap" + header_018="$TmpDir/subca_pub_018.txt" + rlLog "Add ldap no map" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_018 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read ldap no map" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_018" + rlAssertGrep "implName=$mapper" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_delete_ldap_no_map-019:SUBCA - Admin Interface - Delete ldap no map" + local admin_out="$TmpDir/admin_out_deleteldapnomap" + header_019="$TmpDir/subca_pub_019.txt" + rlLog "Delete ldap no map" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_019 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Delete ldap no map" + rlAssertGrep "HTTP/1.1 200 OK" "$header_019" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_019 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=mapperRules&RS_ID=$mapper_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read ldap no map" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_019" + rlAssertNotGrep "$mapper" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_file_based_publisher-020:SUBCA - Admin Interface - Add file based publisher" + local admin_out="$TmpDir/admin_out_addfilebasedpub" + header_020="$TmpDir/subca_pub_020.txt" + pub_id="pub24" + mapper="FileBasedPublisher" + file_b64="true" + file_dir="/tmp" + file_der="true" + rlLog "Add file based publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_020 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&Filename.b64=$file_b64&directory=$file_dir&Filename.der=$file_der&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add file based publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_020" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_020 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_020" + rlAssertGrep "implName=$mapper" "$admin_out" + filedir1=$(echo $file_dir | sed 's/\//%2F/g') + rlAssertGrep "directory=$filedir1" "$admin_out" + rlAssertGrep "Filename.der=$file_der" "$admin_out" + rlAssertGrep "Filename.b64=$file_b64" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_file_based_publisher-021:SUBCA - Admin Interface - Edit file based publisher" + local admin_out="$TmpDir/admin_out_editfilebasedpub" + header_021="$TmpDir/subca_pub_021.txt" + file_dir="/usr" + rlLog "Add file based publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_021 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&Filename.b64=$file_b64&directory=$file_dir&Filename.der=$file_der&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add file based publisher" + rlAssertGrep "HTTP/1.1 200 OK" "$header_021" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_021 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_021" + filedir1=$(echo $file_dir | sed 's/\//%2F/g') + rlAssertGrep "directory=$filedir1" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_021 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_021" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_cacert_publisher-022:SUBCA - Admin Interface - Add Ldap cacert publisher" + local admin_out="$TmpDir/admin_out_addldapcacertpub" + header_022="$TmpDir/subca_pub_022.txt" + pub_id="pub26" + mapper="LdapCaCertPublisher" + caObjectClass="certificationAuthority" + caCertAttr="caCertificate;binary" + rlLog "Add ldap ca cert publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_022 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&caObjectClass=$caObjectClass&caCertAttr=$caCertAttr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add Ldap ca cert publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_022" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_022 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_022" + rlAssertGrep "implName=$mapper" "$admin_out" + certAttr1=$(echo $caCertAttr | sed 's/;/:/g') + rlAssertGrep "caCertAttr=$certAttr1" "$admin_out" + rlAssertGrep "caObjectClass=$caObjectClass" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_022 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_022" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_certificate_pair_publisher-023:SUBCA - Admin Interface - Add Ldap certificate pair publisher" + local admin_out="$TmpDir/admin_out_addldapcertpairpub" + header_023="$TmpDir/subca_pub_023.txt" + pub_id="pub27" + mapper="LdapCertificatePairPublisher" + caObjectClass="certificationAuthority" + crossCertPairAttr="crossCertificatePair;binary" + rlLog "Add ldap certificate pair publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_023 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&caObjectClass=$caObjectClass&crossCertPairAttr=$crossCertPairAttr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add Ldap certificate pair publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_023" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_023 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_023" + rlAssertGrep "implName=$mapper" "$admin_out" + crossCertPairAttr1=$(echo $crossCertPairAttr | sed 's/;/:/g') + rlAssertGrep "crossCertPairAttr=$crossCertPairAttr1" "$admin_out" + rlAssertGrep "caObjectClass=$caObjectClass" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_023 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_023" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_crl_publisher-024:SUBCA - Admin Interface - Add Ldap crl publisher" + local admin_out="$TmpDir/admin_out_addldapcrlpub" + header_024="$TmpDir/subca_pub_024.txt" + pub_id="pub28" + mapper="LdapCrlPublisher" + crlAttr="certificateRevocationList;binary" + rlLog "Add ldap crl publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_024 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&crlAttr=$crlAttr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap crl publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_024" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_024 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_024" + rlAssertGrep "implName=$mapper" "$admin_out" + crlAttr1=$(echo $crlAttr | sed 's/;/:/g') + rlAssertGrep "crlAttr=$crlAttr1" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_024 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_024" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_delta_crl_publisher-025:SUBCA - Admin Interface - Add Ldap delta crl publisher" + local admin_out="$TmpDir/admin_out_addldapdeltacrlpub" + header_025="$TmpDir/subca_pub_025.txt" + pub_id="pub29" + mapper="LdapDeltaCrlPublisher" + crlAttr="certificateRevocationList;binary" + rlLog "Add ldap delta crl publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_025 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&crlAttr=$crlAttr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap delta crl publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_025" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_025 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_025" + rlAssertGrep "implName=$mapper" "$admin_out" + crlAttr1=$(echo $crlAttr | sed 's/;/:/g') + rlAssertGrep "crlAttr=$crlAttr1" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_025 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_025" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ldap_user_cert_publisher-026:SUBCA - Admin Interface - Add Ldap user cert publisher" + local admin_out="$TmpDir/admin_out_addldapusercertpub" + header_026="$TmpDir/subca_pub_026.txt" + pub_id="pub30" + mapper="LdapUserCertPublisher" + certAttr="userCertificate;binary" + rlLog "Add ldap user cert publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_026 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&certAttr=$certAttr&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ldap user cert publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_026" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_026 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_026" + rlAssertGrep "implName=$mapper" "$admin_out" + certAttr1=$(echo $certAttr | sed 's/;/:/g') + rlAssertGrep "certAttr=$certAttr1" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_026 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_026" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_ocsp_publisher-027:SUBCA - Admin Interface - Add ocsp publisher" + local admin_out="$TmpDir/admin_out_addocsppub" + header_027="$TmpDir/subca_pub_027.txt" + pub_id="pub31" + mapper="OCSPPublisher" + ocsp_host="somehost" + ocsp_port="1234" + rlLog "Add ocsp publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_027 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&host=$ocsp_host&port=$ocsp_port&path=/ocsp/addCRL&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add ocsp publisher" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_027" + rlAssertGrep "implName=$mapper" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_027 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_027" + rlAssertGrep "implName=$mapper" "$admin_out" + rlAssertGrep "host=$ocsp_host" "$admin_out" + rlAssertGrep "port=$ocsp_port" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_edit_ocsp_publisher-028:SUBCA - Admin Interface - Edit ocsp publisher" + local admin_out="$TmpDir/admin_out_editocsppub" + header_028="$TmpDir/subca_pub_028.txt" + ocsp_host="somehost.redhat.com" + rlLog "Edit ocsp publisher" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_028 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=publisherRules&RS_ID=$pub_id&RULENAME=$pub_id&implName=$mapper&host=$ocsp_host&port=$ocsp_port&path=/ocsp/addCRL&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Edit ocsp publisher" + rlAssertGrep "HTTP/1.1 200 OK" "$header_028" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_028 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_028" + rlAssertGrep "host=$ocsp_host" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_delete_publisher-029:SUBCA - Admin Interface - Delete publisher" + local admin_out="$TmpDir/admin_out_deletepub" + header_029="$TmpDir/subca_pub_029.txt" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_029 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publisher $pub_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_029" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_029 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=publisherRules&RS_ID=$pub_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read a mapper rule" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_029" + rlAssertNotGrep "implName=$mapper" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_list_all_publishing_rules-030:SUBCA - Admin Interface - List all publishing rules" + local admin_out="$TmpDir/admin_out_listpubrules" + header_030="$TmpDir/subca_pub_030.txt" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_030 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=ruleRules&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "List all publishing rules" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_030" + rlAssertGrep "LdapXCertRule" "$admin_out" + rlAssertGrep "LdapCaCertRule" "$admin_out" + rlAssertGrep "LdapUserCertRule" "$admin_out" + rlAssertGrep "LdapCrlRule" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_publishing_rule_type_certs-031:SUBCA - Admin Interface - Add publishing rule - type certs" + local admin_out="$TmpDir/admin_out_addpubrulecerts" + header_031="$TmpDir/subca_pub_031.txt" + rule_id="rule35" + rule_predicate="HTTP_PARAMS.certType==client" + rule_enable="true" + rule_type="certs" + rule_publisher="LdapUserCertPublisher" + rule_mapper="LdapUserCertMap" + rlLog "Add publishing rule - type certs" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_031 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=ruleRules&RS_ID=$rule_id&RULENAME=$rule_id&implName=Rule&predicate=$rule_predicate&enable=$rule_enable&type=$rule_type&publisher=$rule_publisher&mapper=$rule_mapper&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add publishing rule - type certs" + rlAssertGrep "HTTP/1.1 200 OK" "$header_031" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_031 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read publishing rule $rule_id" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_031" + rlAssertGrep "implName=Rule" "$admin_out" + rlAssertGrep "type=$rule_type" "$admin_out" + rule_predict1=$(echo $rule_predict | sed 's/=/%3D/g') + rlAssertGrep "predicate=$rule_predict1" "$admin_out" + rlAssertGrep "enable=$rule_enable" "$admin_out" + rlAssertGrep "mapper=$rule_mapper" "$admin_out" + rlAssertGrep "publisher=$rule_publisher" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_031 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publishing rule $rule_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_031" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_publishing_rule_type_cacert-032:SUBCA - Admin Interface - Add publishing rule - type cacert" + local admin_out="$TmpDir/admin_out_addpubrulecacert" + header_032="$TmpDir/subca_pub_032.txt" + rule_id="rule36" + rule_predicate="HTTP_PARAMS.certType==ca" + rule_enable="true" + rule_type="cacert" + rule_publisher="LdapCaCertPublisher" + rule_mapper="LdapCaCertMap" + rlLog "Add publishing rule - type cacert" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_032 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=ruleRules&RS_ID=$rule_id&RULENAME=$rule_id&implName=Rule&predicate=$rule_predicate&enable=$rule_enable&type=$rule_type&publisher=$rule_publisher&mapper=$rule_mapper&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add publishing rule - type cacert" + rlAssertGrep "HTTP/1.1 200 OK" "$header_032" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_032 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read publishing rule $rule_id" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_032" + rlAssertGrep "implName=Rule" "$admin_out" + rlAssertGrep "type=$rule_type" "$admin_out" + rule_predict1=$(echo $rule_predict | sed 's/=/%3D/g') + rlAssertGrep "predicate=$rule_predict1" "$admin_out" + rlAssertGrep "enable=$rule_enable" "$admin_out" + rlAssertGrep "mapper=$rule_mapper" "$admin_out" + rlAssertGrep "publisher=$rule_publisher" "$admin_out" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_032 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher >> $admin_out" 0 "Delete publishing rule $rule_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_032" + rlPhaseEnd + + rlPhaseStartTest "pki_console_add_publishing_rule_type_crl-033:SUBCA - Admin Interface - Add publishing rule - type crl" + local admin_out="$TmpDir/admin_out_addpubrulecrl" + header_033="$TmpDir/subca_pub_033.txt" + rule_id="rule37" + rule_predicate="issuingPointId==MasterCRL" + rule_enable="true" + rule_type="crl" + rule_publisher="LdapCrlPublisher" + rule_mapper="LdapCrlMap" + rlLog "Add publishing rule - type cacert" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_033 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_ADD&OP_SCOPE=ruleRules&RS_ID=$rule_id&RULENAME=$rule_id&implName=Rule&predicate=$rule_predicate&enable=$rule_enable&type=$rule_type&publisher=$rule_publisher&mapper=$rule_mapper&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Add publishing rule - type crl" + rlAssertGrep "HTTP/1.1 200 OK" "$header_033" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_033 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read publishing rule $rule_id" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_033" + rlAssertGrep "implName=Rule" "$admin_out" + rlAssertGrep "type=$rule_type" "$admin_out" + rule_predict1=$(echo $rule_predict | sed 's/=/%3D/g') + rlAssertGrep "predicate=$rule_predict1" "$admin_out" + rlAssertGrep "enable=$rule_enable" "$admin_out" + rlAssertGrep "mapper=$rule_mapper" "$admin_out" + rlAssertGrep "publisher=$rule_publisher" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_read_publishing_rule-034:SUBCA - Admin Interface - Read publishing rule" + local admin_out="$TmpDir/admin_out_readpubrule" + header_034="$TmpDir/subca_pub_034.txt" + rlLog "Read publishing rule" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_034 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read publishing rule $rule_id" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_034" + rlAssertGrep "implName=Rule" "$admin_out" + rlAssertGrep "type=$rule_type" "$admin_out" + rule_predict1=$(echo $rule_predict | sed 's/=/%3D/g') + rlAssertGrep "predicate=$rule_predict1" "$admin_out" + rlAssertGrep "enable=$rule_enable" "$admin_out" + rlAssertGrep "mapper=$rule_mapper" "$admin_out" + rlAssertGrep "publisher=$rule_publisher" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_delete_publishing_rule-035:SUBCA - Admin Interface - Delete publishing rule" + local admin_out="$TmpDir/admin_out_deletepubrule" + header_035="$TmpDir/subca_pub_035.txt" + rlLog "Delete publishing rule" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_035 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_DELETE&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Delete publishing rule $rule_id" + rlAssertGrep "HTTP/1.1 200 OK" "$header_035" + + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_035 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_READ&OP_SCOPE=ruleRules&RS_ID=$rule_id&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Read publishing rule $rule_id" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_035" + rlAssertNotGrep "implName=Rule" "$admin_out" + rlPhaseEnd + + rlPhaseStartTest "pki_console_disable_publishing-036:SUBCA - Admin Interface - Disable Publishing" + local admin_out="$TmpDir/admin_out_disablepub" + header_036="$TmpDir/subca_pub_036.txt" + rlLog "Disable Publishing" + rlRun "curl --capath "$CERTDB_DIR" --basic \ + --dump-header $header_036 \ + --user "$valid_admin_user:$valid_admin_user_password" \ + -d \"OP_TYPE=OP_PROCESS&OP_SCOPE=ldap&RS_ID=RS_ID_CONFIG&publishingEnable=false&enable=false&\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/capublisher > $admin_out" 0 "Disable Publishing" + rlRun "process_curl_output $admin_out" 0 "Process curl output file" + rlAssertGrep "HTTP/1.1 200 OK" "$header_036" + rlAssertGrep "stopped=Publishingisstopped." "$admin_out" + rlPhaseEnd + + rlPhaseStartSetup "pki_console_crlip_cleanup" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} + +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file +} diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index 325903417..f129a7be1 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -177,29 +177,30 @@ . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli-add.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli-mod.sh . ./acceptance/legacy/ca-tests/usergroups/pki-ca-usergroups.sh -. ./acceptance/legacy/ca-tests/profiles/ca-profile.sh -. ./acceptance/legacy/ca-tests/profiles/ca-ad-profiles.sh . ./acceptance/legacy/ca-tests/profiles/ca-ag-profiles.sh +. ./acceptance/legacy/ca-tests/profiles/ca-ad-profiles.sh . ./acceptance/legacy/ca-tests/internaldb/ca-admin-internaldb.sh . ./acceptance/legacy/ca-tests/acls/ca-admin-acl.sh . ./acceptance/legacy/ca-tests/authplugin/ca-admin-authplugins.sh +. ./acceptance/legacy/ca-tests/logs/ca-ad-logs.sh +. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh +. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-requests.sh +. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-retrieval.sh . ./acceptance/legacy/ca-tests/crlissuingpoint/ca-admin-crlissuingpoints.sh . ./acceptance/legacy/ca-tests/crls/ca-agent-crls.sh . ./acceptance/legacy/ca-tests/publishing/ca-admin-publishing.sh -. ./acceptance/legacy/ca-tests/ocsp/ca-ee-ocsp.sh . ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-certificates.sh -. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-requests.sh -. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-enrollments.sh -. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ee-retrieval.sh -. ./acceptance/legacy/ca-tests/logs/ca-ad-logs.sh +. ./acceptance/legacy/ca-tests/ocsp/ca-ee-ocsp.sh +. ./acceptance/legacy/subca-tests/acls/subca-ad-acls.sh +. ./acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh +. ./acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh +. ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh +. ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh +. ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh . ./acceptance/legacy/drm-tests/acls/drm-ad-acls.sh . ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh . ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh . ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh -. ./acceptance/install-tests/ca-installer.sh -. ./acceptance/install-tests/kra-installer.sh -. ./acceptance/install-tests/ocsp-installer.sh -. ./acceptance/install-tests/tks-installer.sh . ./acceptance/bugzilla/bug_setup.sh . ./acceptance/bugzilla/bug_uninstall.sh . ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh @@ -210,6 +211,7 @@ . ./acceptance/bugzilla/jss-bugs/bug-1040640.sh . ./acceptance/bugzilla/pki-core-bugs/bug-790924.sh + # Make sure TESTORDER is initialized or multihost may have issues TESTORDER=1 dir1="/opt/rhqa_pki/CodeCoveragePKIhtml" @@ -274,6 +276,21 @@ rlJournalStart TKS_INST=$(cat /tmp/topo_file | grep MY_TKS | cut -d= -f2) rlLog "Subsystem ID TKS=$TKS_INST" run_pki-user-cli-role-user-create-tests $TKS_INST tks $MYROLE + SUBCA_INST=$(cat /tmp/topo_file | grep MY_SUBCA | cut -d= -f2) + rlLog "Subsystem ID SUBCA=$SUBCA_INST" + run_pki-user-cli-role-user-create-tests $SUBCA_INST ca $MYROLE + CLONECA_INST=$(cat /tmp/topo_file | grep MY_CLONE_CA | cut -d= -f2) + rlLog "Subsystem ID CLONECA=$CLONECA_INST" + run_pki-user-cli-role-user-create-tests $CLONECA_INST ca $MYROLE + CLONEKRA_INST=$(cat /tmp/topo_file | grep MY_CLONE_KRA | cut -d= -f2) + rlLog "Subsystem ID CLONEKRA=$CLONEKRA_INST" + run_pki-user-cli-role-user-create-tests $CLONEKRA_INST kra $MYROLE + CLONEOCSP_INST=$(cat /tmp/topo_file | grep MY_CLONE_OCSP | cut -d= -f2) + rlLog "Subsystem ID CLONEOCSP=$CLONEOCSP_INST" + run_pki-user-cli-role-user-create-tests $CLONEOCSP_INST ocsp $MYROLE + CLONETKS_INST=$(cat /tmp/topo_file | grep MY_CLONE_TKS | cut -d= -f2) + rlLog "Subsystem ID CLONETKS=$CLONETKS_INST" + run_pki-user-cli-role-user-create-tests $CLONETKS_INST ocsp $MYROLE elif [ "$TOPO1_UPPERCASE" = "TRUE" ] ; then run_rhcs_install_set_vars run_rhcs_install_topo_1 @@ -1427,22 +1444,8 @@ rlJournalStart rlLog "Subsystem ID CA=$CA_INST" run_pki-user-cli-user-cleanup_tests $CA_INST ca $MY_ROLE fi - ######## LEGACY TESTS ############ - PKI_CA_LEGACY_TESTS_UPPERCASE=$(echo $PKI_CA_LEGACY_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_CA_LEGACY_TESTS_UPPERCASE" = "TRUE" ] ; then - # Execute pki legacy-ca tests - subsystemId=$CA_INST - subsystemType=ca - run_pki-legacy-ca-usergroup_tests $subsystemId $subsystemType $MYROLE - run_admin-ca-log_tests $subsystemType $MYROLE - run_admin-ca-acl_tests $subsystemType $MYROLE - run_admin-ca-intdb_tests $subsystemType $MYROLE - run_admin-ca-authplugin_tests $subsystemType $MYROLE - run_admin-ca-crlissuingpoints_tests $subsystemType $MYROLE - run_agent-ca-crls_tests $subsystemType $MYROLE - run_admin-ca-publishing_tests $subsystemType $MYROLE - fi + ######## LEGACY TESTS ############ PKI_LEGACY_CA_USERGROUP_UPPERCASE=$(echo $PKI_LEGACY_CA_USERGROUP | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_USERGROUP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-usergroup-tests tests @@ -1456,7 +1459,7 @@ rlJournalStart subsystemType=ca run_admin-ca-profile_tests $subsystemType $MYROLE fi - PKI_LEGACY_CA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_CA_AGENT_PROFILE | tr [a-z] [A-Z]) + PKI_LEGACY_CA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_CA_AGENT_PROFILE | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=ca run_agent-ca-profile_tests $subsystemType $MYROLE @@ -1466,16 +1469,36 @@ rlJournalStart subsystemType=ca run_admin-ca-acl_tests $subsystemType $MYROLE fi - PKI_LEGACY_CA_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_CA_INTERNALDB | tr [a-z] [A-Z]) + PKI_LEGACY_CA_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_CA_INTERNALDB | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=ca run_admin-ca-intdb_tests $subsystemType $MYROLE fi - PKI_LEGACY_CA_AUTHPLUGIN_UPPERCASE=$(echo $PKI_LEGACY_CA_AUTHPLUGIN | tr [a-z] [A-Z]) + PKI_LEGACY_CA_AUTHPLUGIN_UPPERCASE=$(echo $PKI_LEGACY_CA_AUTHPLUGIN | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_AUTHPLUGIN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=ca run_admin-ca-authplugin_tests $subsystemType $MYROLE fi + PKI_LEGACY_CA_ADMIN_LOGS_UPPERCASE=$(echo $PKI_LEGACY_CA_ADMIN_LOGS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_ADMIN_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-ca-log_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_CA_EE_ENROLLMENT | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ee-ca-enrollment_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_CA_AG_REQUESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ca-ag-requests_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_CA_EE_RETRIEVAL | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ee-ca-retrieval_tests $subsystemType $MYROLE + fi PKI_LEGACY_CA_CRLISSUINGPOINT_UPPERCASE=$(echo $PKI_LEGACY_CA_CRLISSUINGPOINT | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_CRLISSUINGPOINT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=ca @@ -1491,36 +1514,16 @@ rlJournalStart subsystemType=ca run_admin-ca-publishing_tests $subsystemType $MYROLE fi - PKI_LEGACY_CA_ADMIN_EE_OCSP_UPPERCASE=$(echo $PKI_LEGACY_CA_ADMIN_EE_OCSP | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_ADMIN_EE_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ca-ee-ocsp_tests $subsystemType $MYROLE - fi - PKI_LEGACY_CA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_CA_EE_ENROLLMENT | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ee-ca-enrollment_tests $subsystemType $MYROLE - fi - PKI_LEGACY_CA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_CA_EE_RETRIEVAL | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ee-ca-retrieval_tests $subsystemType $MYROLE - fi - PKI_LEGACY_CA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_CA_AG_REQUESTS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_ca-ag-requests_tests $subsystemType $MYROLE - fi PKI_LEGACY_CA_AG_CERTIFICATES_UPPERCASE=$(echo $PKI_LEGACY_CA_AG_CERTIFICATES | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=ca run_ca-ag-certificates_tests $subsystemType $MYROLE - fi - PKI_LEGACY_CA_ADMIN_LOGS_UPPERCASE=$(echo $PKI_LEGACY_CA_ADMIN_LOGS | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_CA_ADMIN_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - subsystemType=ca - run_admin-ca-log_tests $subsystemType $MYROLE fi + PKI_LEGACY_CA_ADMIN_EE_OCSP_UPPERCASE=$(echo $PKI_LEGACY_CA_ADMIN_EE_OCSP | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_ADMIN_EE_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ca-ee-ocsp_tests $subsystemType $MYROLE + fi PKI_LEGACY_KRA_AG_UPPERCASE=$(echo $PKI_LEGACY_KRA_AG_TESTS | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_KRA_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then subsystemType=kra @@ -1541,57 +1544,35 @@ rlJournalStart subsystemType=kra run_admin-kra-internaldb_tests $subsystemType $MYROLE fi - ######## INSTALL TESTS ############ - PKI_INSTALL_TESTS_UPPERCASE=$(echo $PKI_INSTALL_TESTS | tr [a-z] [A-Z]) - if [ "$PKI_INSTALL_TESTS_UPPERCASE" = "TRUE" ] ; then - # Execute pki install tests - subsystemId=$CA_INST - subsystemType=ca - # Execute pki KRA install tests - run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE - subsystemId=$KRA_INST - subsystemType=kra - run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE - # Execute pki OCSP install tests - subsystemId=$OCSP_INST - subsystemType=ocsp - run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE - # Execute pki TKS install tests - subsystemId=$TKS_INST - subsystemType=tks - run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE + PKI_LEGACY_SUBCA_ADMIN_ACLS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_ACLS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-subca-acl_tests $subsystemType $MYROLE fi - - PKI_CA_INSTALL_UPPERCASE=$(echo $PKI_CA_INSTALL | tr [a-z] [A-Z]) - if [ "$PKI_CA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki CA install tests - subsystemId=$CA_INST - subsystemType=ca - run_rhcs_ca_installer_tests $subsystemId $subsystemType $MYROLE + PKI_LEGACY_SUBCA_ADMIN_INTERNALDB_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_INTERNALDB | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_INTERNALDB_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-subca-intdb_tests $subsystemType $MYROLE fi - - PKI_KRA_INSTALL_UPPERCASE=$(echo $PKI_KRA_INSTALL | tr [a-z] [A-Z]) - if [ "$PKI_KRA_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki KRA install tests - subsystemId=$KRA_INST - subsystemType=kra - run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE + PKI_LEGACY_SUBCA_ADMIN_AUTHPLUGIN_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_AUTHPLUGIN | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_AUTHPLUGIN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-subca-authplugin_tests $subsystemType $MYROLE fi - - PKI_OCSP_INSTALL_UPPERCASE=$(echo $PKI_OCSP_INSTALL | tr [a-z] [A-Z]) - if [ "$PKI_OCSP_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki OCSP install tests - subsystemId=$OCSP_INST - subsystemType=ocsp - run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE + PKI_LEGACY_SUBCA_ADMIN_CRLISSUINGPOINT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_CRLISSUINGPOINT | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_CRLISSUINGPOINT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-subca-crlissuingpoints_tests $subsystemType $MYROLE fi - - PKI_TKS_INSTALL_UPPERCASE=$(echo $PKI_TKS_INSTALL | tr [a-z] [A-Z]) - if [ "$PKI_TKS_INSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki TKS install tests - subsystemId=$TKS_INST - subsystemType=tks - run_rhcs_tks_installer_tests $subsystemId $subsystemType $MYROLE + PKI_LEGACY_SUBCA_ADMIN_PUBLISHING_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PUBLISHING | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_PUBLISHING_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_admin-subca-publishing_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_AGENT_CRL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_CRL | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_AGENT_CRL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_agent-subca-crls_tests $subsystemType $MYROLE fi rlPhaseEnd ######## DEV UNIT TESTS ############ diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh index 057e20522..a351c4a40 100755 --- a/tests/dogtag/shared/rhcs-shared.sh +++ b/tests/dogtag/shared/rhcs-shared.sh @@ -628,10 +628,10 @@ get_topo_stack() echo "MY_OCSP=OCSP3" >> $TOPO_FILE echo "MY_TKS=TKS1" >> $TOPO_FILE echo "MY_SUBCA=SUBCA1" >> $TOPO_FILE - echo "MY_CLONE_CA=CLONE_CA1" >> $TOPO_FILE - echo "MY_CLONE_KRA=CLONE_KRA1" >> $TOPO_FILE - echo "MY_CLONE_OCSP=CLONE_OCSP1" >> $TOPO_FILE - echo "MY_CLONE_TKS=CLONE_TKS1" >> $TOPO_FILE + echo "MY_CLONE_CA=CLONE_CA1" >> $TOPO_FILE + echo "MY_CLONE_KRA=CLONE_KRA1" >> $TOPO_FILE + echo "MY_CLONE_OCSP=CLONE_OCSP1" >> $TOPO_FILE + echo "MY_CLONE_TKS=CLONE_TKS1" >> $TOPO_FILE elif [ $MY_ROLE == "SUBCA1" ]; then echo "MY_CA=SUBCA1" > $TOPO_FILE echo "MY_KRA=KRA1" >> $TOPO_FILE @@ -651,3 +651,19 @@ get_topo_stack() fi } ################################################################# +# +#When using curl to query/update a resource in console, +#use this function to process the output receieved +# +################################################################## +process_curl_output() +{ + output_file=$1 + sed -i "s/\&/\n&/g" $output_file + sed -i "s/+//g" $output_file + sed -i "s/^&//g" $output_file + sed -i "s/%3A/":"/g" $output_file + sed -i "s/%3B/":"/g" $output_file + sed -i "s/%3D/"="/g" $output_file +} + |