authorAsha Akkiangady <aakkiang@redhat.com>2015-02-24 11:54:12 -0500
committerAsha Akkiangady <aakkiang@redhat.com>2015-02-24 12:07:50 -0500
commit9e2be082c37d55fc0b487ba2fe89341f48c48647 (patch)
tree4b8f2fc9f8160479f67ab39148d62ef47d4f606f /tests
parente5f4b484c518cc507bd314a2b654a049023a46ae (diff)
CA and SUBCA scep tests using sscep.
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dogtag/Makefile2
-rw-r--r--tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh188
-rw-r--r--tests/dogtag/acceptance/legacy/subca-tests/scep_tests/subca-scep-enroll.sh192
-rwxr-xr-xtests/dogtag/runtest.sh48
-rwxr-xr-xtests/dogtag/shared/rhcs-shared.sh34
5 files changed, 447 insertions, 17 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index f13cd66c2..b9db34784 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -262,6 +262,7 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/legacy/ca-tests/renewal/renew_manual.sh
chmod a+x ./acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh
chmod a+x ./acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh
+ chmod a+x ./acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh
chmod a+x ./acceptance/legacy/drm-tests/acls/drm-ad-acls.sh
chmod a+x ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh
chmod a+x ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh
@@ -281,6 +282,7 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh
chmod a+x ./acceptance/legacy/subca-tests/logs/subca-ad-logs.sh
+ chmod a+x ./acceptance/legacy/subca-tests/scep_tests/subca-scep-enroll.sh
chmod a+x ./acceptance/legacy/ocsp-tests/usergroups/ocsp-ad-usergroups.sh
chmod a+x ./acceptance/legacy/ocsp-tests/acls/ocsp-ad-acls.sh
chmod a+x ./acceptance/legacy/ocsp-tests/logs/ocsp-ad-logs.sh
diff --git a/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh b/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh
new file mode 100644
index 000000000..01eec386b
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh
@@ -0,0 +1,188 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/ca-tests/scep_tests
+# Description: SCEP Enrollment with CA
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki commands needs to be tested:
+# /usr/bin/sscep
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-legacy-ca-scep_tests()
+{
+ local subsystemType=$1
+ local csRole=$2
+
+ rlPhaseStartSetup "Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $csRole $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
+ local ca_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local ca_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+ local ca_host=$(eval echo \$${csRole})
+ local valid_agent_user=$CA_INST\_agentV
+ local valid_agent_user_password=$CA_INST\_agentV_password
+ local valid_admin_user=$CA_INST\_adminV
+ local valid_admin_user_password=$CA_INST\_adminV_password
+ local valid_audit_user=$CA_INST\_auditV
+ local valid_audit_user_password=$CA_INST\_auditV_password
+ local valid_operator_user=$CA_INST\_operatorV
+ local valid_operator_user_password=$CA_INST\_operatorV_password
+ local valid_agent_cert=$CA_INST\_agentV
+ local ca_config_file="/var/lib/pki/$tomcat_name/ca/conf/CS.cfg"
+ local search_string="ca.scep.enable=false"
+ local replace_string="ca.scep.enable=true"
+
+
+ rlPhaseStartTest "pki_ca_scep_tests-001: Perform scep enrollment with CA using sha512 fingerprint"
+ local scep_enroll_url="http://$ca_host:$ca_unsecure_port/ca/cgi-bin/pkiclient.exe"
+ local scep_location="ftp://wiki.idm.lab.bos.redhat.com/dirsec/images-mp1/packages/scep_software/sscep/rhel7-x86_64_modified"
+ local scep_enroll_pin="netscape"
+ local scep_password="netscape"
+ local scep_host_ip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
+
+ #Turn on scep
+ replace_string_in_a_file $ca_config_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $ca_config_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ rlRun "wget $scep_location/sscep -O $TmpDir/sscep"
+ #delete extisting sscep from /usr/bin if any
+ rlLog "Delete existing sscep from /usr/bin = rm -rf /usr/bin/sscep"
+ rlRun "rm -rf /usr/bin/sscep"
+ #Move sscep to /usr/bin
+ rlRun "mv $TmpDir/sscep /usr/bin"
+ rlRun "chmod +x /usr/bin/sscep"
+ #Get mkrequest
+ rlRun "wget $scep_location/mkrequest -O $TmpDir/mkrequest"
+ rlRun "mv $TmpDir/mkrequest /usr/bin"
+ rlRun "chmod +x /usr/bin/mkrequest"
+
+ #Add a flatfile auth to the CA instance conf dir
+ local ca_file_loc="/var/lib/pki/$tomcat_name/ca/conf/flatfile.txt"
+ cat > $ca_file_loc << ca_file_loc_EOF
+UID:$scep_host_ip
+PWD:$scep_password
+ca_file_loc_EOF
+ #Restart CA
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+
+ #Copy sscep.conf file
+ rlRun "wget $scep_location/sscep.conf -O $TmpDir/sscep.conf"
+ local digest="sha512"
+
+ #do scep enrollment
+ rlRun "scep_do_enroll_with_sscep $scep_enroll_pin $scep_enroll_url $scep_host_ip $TmpDir $digest"
+
+ rlAssertGrep "pkistatus: SUCCESS" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "certificate written as $TmpDir/cert.crt" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlAssertGrep "-----END CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_scep_tests-002: Perform scep enrollment with CA using sha256 fingerprint"
+ local scep_enroll_url="http://$ca_host:$ca_unsecure_port/ca/cgi-bin/pkiclient.exe"
+ local scep_location="ftp://wiki.idm.lab.bos.redhat.com/dirsec/images-mp1/packages/scep_software/sscep/rhel7-x86_64_modified"
+ local scep_enroll_pin="netscape"
+ local scep_password="netscape"
+ local scep_host_ip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
+
+ #Turn on scep
+ replace_string_in_a_file $ca_config_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $ca_config_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ rlRun "wget $scep_location/sscep -O $TmpDir/sscep"
+ #delete extisting sscep from /usr/bin if any
+ rlLog "Delete existing sscep from /usr/bin = rm -rf /usr/bin/sscep"
+ rlRun "rm -rf /usr/bin/sscep"
+ #Move sscep to /usr/bin
+ rlRun "mv $TmpDir/sscep /usr/bin"
+ rlRun "chmod +x /usr/bin/sscep"
+ #Get mkrequest
+ rlRun "wget $scep_location/mkrequest -O $TmpDir/mkrequest"
+ rlRun "mv $TmpDir/mkrequest /usr/bin"
+ rlRun "chmod +x /usr/bin/mkrequest"
+
+ #Add a flatfile auth to the CA instance conf dir
+ local ca_file_loc="/var/lib/pki/$tomcat_name/ca/conf/flatfile.txt"
+ cat > $ca_file_loc << ca_file_loc_EOF
+UID:$scep_host_ip
+PWD:$scep_password
+ca_file_loc_EOF
+ #Restart CA
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+
+ local digest="sha256"
+
+ #Copy sscep.conf file
+ rlRun "wget $scep_location/sscep.conf -O $TmpDir/sscep.conf"
+ local orig_fingerprint="FingerPrint sha512"
+ local replace_fingerprint="FingerPrint $digest"
+ replace_string_in_a_file $TmpDir/sscep.conf $orig_fingerprint $replace_fingerprint
+
+ #do scep enrollment
+ rlRun "scep_do_enroll_with_sscep $scep_enroll_pin $scep_enroll_url $scep_host_ip $TmpDir $digest"
+
+ rlAssertGrep "pkistatus: SUCCESS" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "certificate written as $TmpDir/cert.crt" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlAssertGrep "-----END CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_ca_scep_tests_cleanup: delete temporary directory and turn off sscep "
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ #Turn off scep
+ replace_string_in_a_file $ca_config_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $ca_config_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+}
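Review bot: Both test phases fetch the `sscep` and `mkrequest` binaries over plain FTP and install them into `/usr/bin` with no integrity check, so whatever the server or the network path returns is executed with the test's privileges (presumably root, given the writes under `/usr/bin` and `/var/lib/pki`). Pin a digest and verify it before each `mv`, e.g. `rlRun "echo '<pinned-sha256-placeholder>  $TmpDir/sscep' | sha256sum -c -"`, and do the same for `mkrequest`; the identical download steps in subca-scep-enroll.sh need the same check. The cleanup phase also leaves the replaced `/usr/bin/sscep`, `/usr/bin/mkrequest` and the `flatfile.txt` holding the `PWD:` line in place, so it should remove or restore them. Separately, in test 002 `replace_string_in_a_file $TmpDir/sscep.conf $orig_fingerprint $replace_fingerprint` passes the two-word values unquoted, so the helper receives five arguments instead of the documented three; quote them as `"$orig_fingerprint" "$replace_fingerprint"` (the subca file has the same call).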
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/scep_tests/subca-scep-enroll.sh b/tests/dogtag/acceptance/legacy/subca-tests/scep_tests/subca-scep-enroll.sh
new file mode 100644
index 000000000..8c9c76af1
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/scep_tests/subca-scep-enroll.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/subca-tests/scep_tests
+# Description: SCEP Enrollment with SUBCA
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki commands needs to be tested:
+# /usr/bin/sscep
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-legacy-subca-scep_tests()
+{
+ local subsystemType=$1
+ local csRole=$2
+
+ rlPhaseStartSetup "Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $csRole $TmpDir/topo_file
+ if [ $cs_Role="MASTER" ]; then
+ SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+ elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+ SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ fi
+ local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+ local ca_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+ local ca_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+ local ca_host=$(eval echo \$${csRole})
+ local valid_agent_user=$SUBCA_INST\_agentV
+ local valid_agent_user_password=$SUBCA_INST\_agentV_password
+ local valid_admin_user=$SUBCA_INST\_adminV
+ local valid_admin_user_password=$SUBCA_INST\_adminV_password
+ local valid_audit_user=$SUBCA_INST\_auditV
+ local valid_audit_user_password=$SUBCA_INST\_auditV_password
+ local valid_operator_user=$SUBCA_INST\_operatorV
+ local valid_operator_user_password=$SUBCA_INST\_operatorV_password
+ local valid_agent_cert=$SUBCA_INST\_agentV
+ local ca_config_file="/var/lib/pki/$tomcat_name/ca/conf/CS.cfg"
+ local search_string="ca.scep.enable=false"
+ local replace_string="ca.scep.enable=true"
+
+ rlPhaseStartTest "pki_subca_scep_tests-001: Perform scep enrollment with the SUBCA using sha512 fingerprint"
+ local scep_enroll_url="http://$ca_host:$ca_unsecure_port/ca/cgi-bin/pkiclient.exe"
+ local scep_location="ftp://wiki.idm.lab.bos.redhat.com/dirsec/images-mp1/packages/scep_software/sscep/rhel7-x86_64_modified"
+ local scep_enroll_pin="netscape"
+ local scep_password="netscape"
+ local scep_host_ip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
+
+ #Turn on scep
+ replace_string_in_a_file $ca_config_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $ca_config_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ rlRun "wget $scep_location/sscep -O $TmpDir/sscep"
+ #delete extisting sscep from /usr/bin if any
+ rlLog "Delete existing sscep from /usr/bin = rm -rf /usr/bin/sscep"
+ rlRun "rm -rf /usr/bin/sscep"
+ #Move sscep to /usr/bin
+ rlRun "mv $TmpDir/sscep /usr/bin"
+ rlRun "chmod +x /usr/bin/sscep"
+ #Get mkrequest
+ rlRun "wget $scep_location/mkrequest -O $TmpDir/mkrequest"
+ rlRun "mv $TmpDir/mkrequest /usr/bin"
+ rlRun "chmod +x /usr/bin/mkrequest"
+
+ #Add a flatfile auth to the SUBCA instance conf dir
+ local ca_file_loc="/var/lib/pki/$tomcat_name/ca/conf/flatfile.txt"
+ cat > $ca_file_loc << ca_file_loc_EOF
+UID:$scep_host_ip
+PWD:$scep_password
+ca_file_loc_EOF
+ #Restart SUBCA
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+
+ local digest=sha512
+
+ #Copy sscep.conf file
+ rlRun "wget $scep_location/sscep.conf -O $TmpDir/sscep.conf"
+ #do scep enrollment
+ rlRun "scep_do_enroll_with_sscep $scep_enroll_pin $scep_enroll_url $scep_host_ip $TmpDir $digest"
+
+ rlAssertGrep "pkistatus: SUCCESS" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "certificate written as $TmpDir/cert.crt" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlAssertGrep "-----END CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_scep_tests-002: Perform scep enrollment with the SUBCA using sha256 fingerprint"
+ local scep_enroll_url="http://$ca_host:$ca_unsecure_port/ca/cgi-bin/pkiclient.exe"
+ local scep_location="ftp://wiki.idm.lab.bos.redhat.com/dirsec/images-mp1/packages/scep_software/sscep/rhel7-x86_64_modified"
+ local scep_enroll_pin="netscape"
+ local scep_password="netscape"
+ local scep_host_ip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
+
+ #Turn on scep
+ replace_string_in_a_file $ca_config_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $ca_config_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ rlRun "wget $scep_location/sscep -O $TmpDir/sscep"
+ #delete extisting sscep from /usr/bin if any
+ rlLog "Delete existing sscep from /usr/bin = rm -rf /usr/bin/sscep"
+ rlRun "rm -rf /usr/bin/sscep"
+ #Move sscep to /usr/bin
+ rlRun "mv $TmpDir/sscep /usr/bin"
+ rlRun "chmod +x /usr/bin/sscep"
+ #Get mkrequest
+ rlRun "wget $scep_location/mkrequest -O $TmpDir/mkrequest"
+ rlRun "mv $TmpDir/mkrequest /usr/bin"
+ rlRun "chmod +x /usr/bin/mkrequest"
+
+ #Add a flatfile auth to the SUBCA instance conf dir
+ local ca_file_loc="/var/lib/pki/$tomcat_name/ca/conf/flatfile.txt"
+ cat > $ca_file_loc << ca_file_loc_EOF
+UID:$scep_host_ip
+PWD:$scep_password
+ca_file_loc_EOF
+ #Restart SUBCA
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+
+ local digest=sha256
+
+ #Copy sscep.conf file
+ rlRun "wget $scep_location/sscep.conf -O $TmpDir/sscep.conf"
+ local orig_fingerprint="FingerPrint sha512"
+ local replace_fingerprint="FingerPrint $digest"
+ replace_string_in_a_file $TmpDir/sscep.conf $orig_fingerprint $replace_fingerprint
+
+ #do scep enrollment
+ rlRun "scep_do_enroll_with_sscep $scep_enroll_pin $scep_enroll_url $scep_host_ip $TmpDir $digest"
+
+ rlAssertGrep "pkistatus: SUCCESS" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "certificate written as $TmpDir/cert.crt" "$TmpDir/scep_enroll.out"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlAssertGrep "-----END CERTIFICATE-----" "$TmpDir/cert.crt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_subca_scep_tests_cleanup: delete temporary directory and turn off sscep "
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ #Turn off scep
+ replace_string_in_a_file $ca_config_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $ca_config_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+}
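Review bot: The role check `if [ $cs_Role="MASTER" ]` never compares anything: the variable is spelled `cs_Role` while the function's local is `csRole`, and without spaces around `=` the test sees one non-empty word and is always true, so `SUBCA_INST` is always read from `MY_SUBCA`. The `elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]` arm additionally puts `||` inside `[ ]`, which splits it into two commands, the first of them missing its closing `]`. Suggested: `if [ "$csRole" = "MASTER" ]; then` and `elif [ "$csRole" = "SUBCA2" ] || [ "$csRole" = "SUBCA1" ]; then`, with `local SUBCA_INST` declared before the test so the name does not leak into the shell that sources this file. An `else` arm that fails the phase when neither role matches would keep the later `eval echo \$${SUBCA_INST}_...` lines from running with an empty instance name.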
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index e20887bf9..8b434edfb 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -194,6 +194,7 @@
. ./acceptance/legacy/ca-tests/renewal/renew_manual.sh
. ./acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh
. ./acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh
+. ./acceptance/legacy/ca-tests/scep_tests/scep-enroll.sh
. ./acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh
. ./acceptance/legacy/subca-tests/acls/subca-ad-acls.sh
. ./acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh
@@ -208,6 +209,7 @@
. ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
. ./acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh
. ./acceptance/legacy/subca-tests/logs/subca-ad-logs.sh
+. ./acceptance/legacy/subca-tests/scep_tests/subca-scep-enroll.sh
. ./acceptance/legacy/drm-tests/acls/drm-ad-acls.sh
. ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh
. ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh
@@ -1537,23 +1539,29 @@ rlJournalStart
run_ca-ee-ocsp_tests $subsystemType $MYROLE
fi
PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_MANUAL | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
- # Execute pki ca-renew-manual tests
- subsystemType=ca
- run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
- # Execute pki ca-renew-directory-auth-usercert tests
- subsystemType=ca
- run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
- fi
- PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
- if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
- # Execute pki ca-renew-sslclient-cert tests
- subsystemType=ca
- run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
- fi
+ if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-manual tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-directory-auth-usercert tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-sslclient-cert tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_CA_SCEP_ENROLL | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute ca scep enroll tests
+ subsystemType=ca
+ run_pki-legacy-ca-scep_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_KRA_AG_UPPERCASE=$(echo $PKI_LEGACY_KRA_AG_TESTS | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_KRA_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
subsystemType=kra
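Review bot: The new SCEP gate tests `[ "TEST_ALL_UPPERCASE" = "TRUE" ]`, which compares the literal text TEST_ALL_UPPERCASE rather than the variable, so that half of the condition is always false and the CA SCEP tests are skipped when only the test-all switch is set. It should read `[ "$TEST_ALL_UPPERCASE" = "TRUE" ]`, as the KRA condition just below already does. The subca gate added in the next hunk has the same missing `$`, and so do the three re-indented renewal conditions in this hunk. The enclosing `rlJournalStart` block starts and ends outside the hunk.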
@@ -1650,6 +1658,12 @@ rlJournalStart
subsystemType=ca
run_admin-subca-log_tests $subsystemType $MYROLE
fi
+ PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_SCEP_ENROLL | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute subca scep enroll tests
+ subsystemType=ca
+ run_pki-legacy-subca-scep_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AD_USERGROUPS | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_OCSP_AD_USERGROUPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
subsystemType=ocsp
diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh
index c82b8d3a2..e12631908 100755
--- a/tests/dogtag/shared/rhcs-shared.sh
+++ b/tests/dogtag/shared/rhcs-shared.sh
@@ -21,6 +21,7 @@
# forward_system_clock <number_of_days>
# reverse_system_clock <number_of_days>
# replace_string_in_a_file <file_name> <original_string> <replace_string>
+# scep_do_enroll_with_sscep <scep_enroll_pin> <scep_enroll_url> <scep_host_ipaddr> <temp_dir> <fingerprint>
######################################################################
#######################################################################
@@ -345,6 +346,39 @@ replace_string_in_a_file()
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# scep_do_enroll_with_sscep <scep_enroll_pin> <scep_enroll_url> <scep_host_ipaddr> <temp_dir> <fingerprint>
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+scep_do_enroll_with_sscep()
+{
+ local scep_enroll_pin=$1
+ local scep_enroll_url=$2
+ local ipaddress=$3
+ local temp_dir=$4
+ local digest=$5
+ local rc=0
+
+ rlRun "/bin/rm -f $temp_dir/local.csr $temp_dir/local.key $temp_dir/ca.crt $temp_dir/cert.crt"
+
+ #generate a key
+ rlLog "/usr/bin/mkrequest -ip $ipaddress $scep_enroll_pin $digest"
+ rlRun "/usr/bin/mkrequest -ip $ipaddress $scep_enroll_pin $digest > $temp_dir/gen_key"
+
+ #get ca cert
+ rlLog "/usr/bin/sscep getca -c $temp_dir/ca.crt -u $scep_enroll_url"
+ rlRun "/usr/bin/sscep getca -c $temp_dir/ca.crt -u $scep_enroll_url > $temp_dir/getca_out"
+
+ #submit enrollment request
+ rlLog "/usr/bin/sscep enroll -f $temp_dir/sscep.conf -c $temp_dir/ca.crt -k $temp_dir/local.key -r $temp_dir/local.csr -l $temp_dir/cert.crt -u $scep_enroll_url"
+ rlRun "/usr/bin/sscep enroll -f $temp_dir/sscep.conf -c $temp_dir/ca.crt -k $temp_dir/local.key -r $temp_dir/local.csr -l $temp_dir/cert.crt -u $scep_enroll_url > $temp_dir/scep_enroll.out"
+ if [ $? -ne 0 ] ; then
+ rc=1
+ fi
+
+ return $rc
+}
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# disable_ca_nonce
# Usage: disable_ca_nonce <ca_server_root>
#
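Review bot: `scep_do_enroll_with_sscep` sets `rc` only from the final `sscep enroll` step, so a failed `mkrequest` or `sscep getca` still returns 0 to the caller; append `|| rc=1` to each of the three `rlRun` calls and drop the `if [ $? -ne 0 ]` block. The function also seems to depend on the caller's working directory being `$temp_dir`: `mkrequest` is given no output path, yet the enroll step reads `$temp_dir/local.key` and `$temp_dir/local.csr`, so either `cd` into `$temp_dir` inside the function or state the requirement in the header comment. The header would also benefit from saying that `$temp_dir/sscep.conf` must already exist and that the result is written to `$temp_dir/scep_enroll.out` and `$temp_dir/cert.crt`. Note that the `rlLog` and `rlRun` lines put the enrollment PIN on the command line and into the test journal, which is acceptable only for a throwaway test secret.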