diff options
author | Niranjan Mallapadi <mrniranjan@redhat.com> | 2015-03-12 17:35:03 +0530 |
---|---|---|
committer | Niranjan Mallapadi <mrniranjan@redhat.com> | 2015-03-12 17:36:35 +0530 |
commit | a1b68d34a82d0a27e2c5eccdcb8d4e866ddfd602 (patch) | |
tree | 655b7de11789e9ea52557c036d84f7a2a1fad548 /tests | |
parent | 22ab9648aa88af7d75f5bdd4490ce9444ee6dd67 (diff) | |
download | pki-a1b68d34a82d0a27e2c5eccdcb8d4e866ddfd602.tar.gz pki-a1b68d34a82d0a27e2c5eccdcb8d4e866ddfd602.tar.xz pki-a1b68d34a82d0a27e2c5eccdcb8d4e866ddfd602.zip |
Port legacy clone drm tests to beaker
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/dogtag/Makefile | 1 | ||||
-rwxr-xr-x | tests/dogtag/acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh | 329 | ||||
-rwxr-xr-x | tests/dogtag/runtest.sh | 6 |
3 files changed, 336 insertions, 0 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index a2af21a74..74c5fa355 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile @@ -293,6 +293,7 @@ build: $(BUILT_FILES) chmod a+x ./acceptance/legacy/tks-tests/usergroups/tks-ad-usergroups.sh chmod a+x ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh chmod a+x ./acceptance/legacy/clone_ca_tests/clone_tests.sh + chmod a+x ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh # bug verifications chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh diff --git a/tests/dogtag/acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh b/tests/dogtag/acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh new file mode 100755 index 000000000..3e342ae42 --- /dev/null +++ b/tests/dogtag/acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh @@ -0,0 +1,329 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh +# Description: DRM Clone tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi <mniranja@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +clone_legacy_drm_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for clone drm tests + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + #local variables + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + local CLONE_KRA_INST=$(cat $TmpDir/topo_file | grep MY_CLONE_KRA | cut -d= -f2) + local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_kra_host=$(eval echo \$${cs_Role}) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local clone_kra_secure_port=$(eval echo \$${CLONE_KRA_INST}_SECURE_PORT) + local clone_kra_unsecure_port=$(eval echo \$${CLONE_KRA_INST}_UNSECURE_PORT) + local valid_ca_agent_cert=$CA_INST\_agentV + local valid_agent_cert=$KRA_INST\_agentV + local valid_audit_cert=$KRA_INST\_auditV + local valid_operator_cert=$KRA_INST\_operatorV + local valid_admin_cert=$KRA_INST\_adminV + local revoked_agent_cert=$KRA_INST\_agentR + local revoked_admin_cert=$KRA_INST\_adminR + local expired_admin_cert=$KRA_INST\_adminE + local expired_agent_cert=$KRA_INST\_agentE + local admin_out="$TmpDir/admin_out" + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local cert_info="$TmpDir/cert_info" + local ca_profile_out="$TmpDir/ca-profile-out" + local cert_out="$TmpDir/cert-show.out" + local cert_show_out="$TmpDir/cert_show.out" + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + local SSL_DIR=$CERTDB_DIR + disable_ca_nonce $tomcat_name + + rlPhaseStartSetup "Restart Directory Server instance of clone kra1" + rlLog "systemctl restart dirsrv@$(eval echo \$${CLONE_KRA_INST}_LDAP_INSTANCE_NAME)" + rlRun "systemctl restart dirsrv@$(eval echo \$${CLONE_KRA_INST}_LDAP_INSTANCE_NAME)" + rlPhaseEnd + + rlPhaseStartSetup "Generate caDualCert using CRMF Request of key size 1024" + local request_type=crmf + local request_key_type=rsa + local request_key_size=1024 + local profile=caDualCert + local userid="foo$RANDOM" + local usercn="$userid user" + local usermail="$userid@example.org" + local test_out=ca-$profile-test1.txt + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Create a new certificate request of type $request_type with key size $request_key_size" + rlRun "create_new_cert_request \ + tmp_nss_db:$TEMP_NSS_DB \ + tmp_nss_db_password:$TEMP_NSS_DB_PWD \ + request_type:$request_type \ + request_algo:$request_key_type \ + request_size:$request_key_size \ + subject_cn:\"$usercn\" \ + subject_uid:$userid \ + subject_email:$usermail \ + subject_ou:IDM \ + subject_organization:RedHat \ + subject_country:US \ + subject_archive:true \ + cert_request_file:$TEMP_NSS_DB/$rand-request.pem \ + cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile" + local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2) + rlLog "cert_requestdn=$cert_requestdn" + rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem" + rlLog "curl --basic --dump-header $admin_out \ + -d \"cert_request_type=$request_type&enckeyParam=$request_key_size&signKeyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&sn_uid=$userid&sn_e=$useremail&sn_cn=$usercn&sn_ou3=&sn_ou2=&sn_ou1=&sn_ou=IDM&sn_o=RedHat&sn_c=US&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient" + + rlRun "curl --basic --dump-header $admin_out \ + -d \"cert_request_type=$request_type&enckeyParam=$request_key_size&signKeyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&sn_uid=$userid&sn_e=$useremail&sn_cn=$usercn&sn_ou3=&sn_ou2=&sn_ou1=&sn_ou=IDM&sn_o=RedHat&sn_c=US&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput=false\" \ + -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out" + local request_id=$(cat -v $TmpDir/$test_out | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}') + rlLog "Approve $request_id using $valid_agent_cert" + rlLog "Approve $request_id using $valid_agent_cert" + local Second=`date +'%S' -d now` + local Minute=`date +'%M' -d now` + local Hour=`date +'%H' -d now` + local Day=`date +'%d' -d now` + local Month=`date +'%m' -d now` + local Year=`date +'%Y' -d now` + local start_year=$Year + let end_year=$Year+1 + local end_day="1" + local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second" + local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_ca_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"requestId=$request_id&name=$cert_requestdn¬Before=$notBefore¬After=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4&subjAltNameExtCritical=false&subjAltNames=null&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \ + -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id1" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') + local certificate_in_base64=$(cat -v $TmpDir/$test_out | grep 'outputList.outputVal' | awk -F 'outputList.outputVal=\"' '{print $2}' | awk -F '-----BEGIN CERTIFICATE-----' '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/-----END CERTIFICATE-----\\n\";/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g') + rlLog "serial_number=$serial_number" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local serial_number=$(cat -v $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}') + rlLog "serial_number=$serial_number" + local STRIP_HEX=$(echo $serial_number | cut -dx -f2) + local CONV_UPP_VAL=${STRIP_HEX^^} + local decimal_valid_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL"|bc) + rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert" + rlPhaseEnd + + rlPhaseStartTest "clone_drm_test-001: DRM Agent: List requests" + local reqType='enrollment' + local reqState='reqState' + local lastEntryOnPage='' + local direction='first' + local maxCount='1000' + local minValue='1' + local test_out=drm$reqState + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"reqType=$reqType&reqState=$reqState&lastEntryOnPage=$lastEntryOnPage&direction=$direction&maxCount=$maxCount\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/queryReq\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"reqType=$reqType&reqState=$reqState&lastEntryOnPage=$lastEntryOnPage&direction=$direction&maxCount=$maxCount\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/queryReq\" > $TmpDir/$test_out" 0 + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + local no_of_records=$(cat $TmpDir/$test_out | grep record.subject= | wc -l) + rlAssertGreaterOrEqual "Verify if the no_of_reocrds is 1 or more" $no_of_records $minValue + rlAssertGrep "record.subject=\"$cert_requestdn\"" "$TmpDir/$test_out" + rlPhaseEnd + + + rlPhaseStartTest "clone_drm_test-002: DRM Agent: View Request details" + local seqNum='1' + local test_out=request.out + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"seqNum=$seqNum\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/processReq\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"seqNum=$seqNum\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/processReq\" > $TmpDir/$test_out" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "header.keyAlgorithm = \"1.2.840.113549.1.1.1\"" "$TmpDir/$test_out" + rlAssertGrep "header.requestType = \"enrollment\"" "$TmpDir/$test_out" + rlPhaseEnd + + + rlPhaseStartTest "clone_drm_test-003: DRM Agent: Search Requests by owner" + local op='srchKey' + local maxResults='10' + local maxCount='5' + local queryFilter="(keyOwnerName=$cert_requestdn)" + local test_out=$op\.out + rlLog "Sleep for 10s" + rlRun "sleep 15" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKey\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKey\"> $TmpDir/$test_out" 0 "Search Archival requests with queryfilter as $queryFilter" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.state=\"VALID\"" "$TmpDir/$test_out" + rlAssertGrep "record.ownerName=\"$cert_requestdn\"" "$TmpDir/$test_out" + rlPhaseEnd + + rlPhaseStartTest "clone_drm_test-004: DRM Agent: Search request by key Identifiers" + local op='srchKey' + local maxResults='1000' + local maxCount='5' + local queryFilter="(keySerialNumber >= 1)" + local test_out=$op\.out + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKey\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKey\"> $TmpDir/$test_out" 0 "Search Archival requests with queryfilter as $queryFilter" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.state=\"VALID\"" "$TmpDir/$test_out" + rlAssertGrep "record.ownerName=\"$cert_requestdn\"" "$TmpDir/$test_out" + local no_of_records=$(cat $TmpDir/$test_out | grep record.ownerName= | wc -l) + rlAssertGreaterOrEqual "Verify if the no_of_reocrds is 1 or more" $no_of_records $minValue + rlPhaseEnd + + rlPhaseStartTest "clone_drm_test-005: DRM Agent: Search request by Archiver" + local op='srchKey' + local maxResults='1000' + local maxCount='5' + local queryFilter="(keyArchivedBy = CA-$tmp_ca_host-$target_secure_port)" + local test_out=$op\.out + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKey\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKey\"> $TmpDir/$test_out" 0 "Search Archival requests with queryfilter as $queryFilter" + rlAssertGrep "HTTP/1.1 200 OK" "$admin_out" + rlAssertGrep "record.state=\"VALID\"" "$TmpDir/$test_out" + rlAssertGrep "record.ownerName=\"$cert_requestdn\"" "$TmpDir/$test_out" + local no_of_records=$(cat $TmpDir/$test_out | grep record.ownerName= | wc -l) + rlAssertGreaterOrEqual "Verify if the no_of_reocrds is 1 or more" $no_of_records $minValue + rlPhaseEnd + + rlPhaseStartTest "clone_drm_test-006: DRM Agent: Recover Archived keys" + local localAgents='yes' + local test_out=search.out + local op=srchKeyForRecovery + local maxResults=10 + local maxCount=5 + local queryFilter="(keyOwnerName=$cert_requestdn)" + rlRun "export SSL_DIR=$CERTDB_DIR" + rlLog "Cert Serial Number: $serial_number" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n $valid_ca_agent_cert -h $tmp_ca_host -p $tmp_ca_port cert-show $serial_number --encoded --output $TmpDir/$serial_number-cert.out" 0 "Store the $serial_number cert in a file" + rlLog "Convert $TmpDir/$serial_number-cert.out to unix format" + rlRun "dos2unix $TmpDir/$serial_number-cert.out" + local CERT=$(cat $TmpDir/$serial_number-cert.out) + # search and retrieve the key Identifier + rlLog "curl --cacert $CERTDB_DIr/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKeyForRecovery\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIr/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=$op&maxResults=$maxResults&maxCount=$maxCount&queryFilter=$queryFilter\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/srchKeyForRecovery\" > $TmpDir/$test_out" + local kraSerialNumber=$(cat $TmpDir/$test_out | grep record.serialNumber= |awk -F "\"" '{print $2}') + # Display by serial for recovery + local test_out=display.out + rlLog "curl --cacert $CERTDB_DIr/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=displayBySerialForRecovery&serialNumber=$kraSerialNumber\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/displayBySerialForRecovery\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIr/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"op=displayBySerialForRecovery&serialNumber=$kraSerialNumber\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/displayBySerialForRecovery\" > $TmpDir/$test_out" + rlAssertGrep "header.state = \"VALID\"" "$TmpDir/$test_out" + local recoveryID=$(cat $TmpDir/$test_out | grep "header.recoveryID = " |awk -F "\"" '{print $2}') + rlLog "recoveryID=$recoveryID" + local test_out=recovery.out + #Recover cert + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"initAsyncRecovery=ON&localAgents=$localAgents&recoveryID=$recoveryID&serialNumber=$kraSerialNumber\" --data-urlencode \"cert=$certificate_in_base64\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/recoverBySerial\" > $TmpDir/$test_out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \ + --dump-header $admin_out \ + -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \ + -d \"initAsyncRecovery=ON&localAgents=$localAgents&recoveryID=$recoveryID&serialNumber=$kraSerialNumber\" --data-urlencode \"cert=$certificate_in_base64\" -k \"https://$tmp_kra_host:$clone_kra_secure_port/kra/agent/kra/recoverBySerial\" > $TmpDir/$test_out" 0 "Recover $serialNumber" + rlPhaseEnd + + rlPhaseStartCleanup "Delete temporary dir and enable nonce" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + enable_ca_nonce $tomcat_name + rlPhaseEnd +} +verify_cert() +{ + local serial_number=$1 + local request_dn=$2 + STRIP_HEX=$(echo $serial_number | cut -dx -f2) + CONV_LOW_VAL=${STRIP_HEX,,} + rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number" + rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out" + rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$cert_show_out" + rlAssertGrep "Subject: $request_dn" "$cert_show_out" + rlAssertGrep "Status: VALID" "$cert_show_out" +} diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index d613a0973..6dccf289b 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh @@ -226,6 +226,7 @@ . ./acceptance/legacy/tks-tests/acls/tks-ad-acls.sh . ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh . ./acceptance/legacy/clone_ca_tests/clone_tests.sh +. ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh . ./acceptance/bugzilla/bug_setup.sh . ./acceptance/bugzilla/bug_uninstall.sh . ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh @@ -1721,6 +1722,11 @@ rlJournalStart subsystemType=ca clone_legacy_ca_tests $subsystemType $MYROLE fi + PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CLONE_KRA_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CLONE_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPERCASE" = "TRUE" ]; then + subsystemType=kra + clone_legacy_drm_tests $subsystemType $MYROLE + fi rlPhaseEnd ######## DEV UNIT TESTS ############ DEV_JAVA_TESTS_UPPERCASE=$(echo $DEV_JAVA_TESTS | tr [a-z] [A-Z]) |