summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorNiranjan Mallapadi <mrniranjan@redhat.com>2014-07-07 14:34:00 +0530
committerNiranjan Mallapadi <mrniranjan@redhat.com>2014-07-07 16:01:24 +0530
commit28e8977e2e99551cdb46f1d650118a3fdaf00a9a (patch)
tree61036830533dade6f0c2f66b575fed11ed1c37ca /tests
parent958d0e9233b95823984081042e67d8f2b2599d4b (diff)
downloadpki-28e8977e2e99551cdb46f1d650118a3fdaf00a9a.tar.gz
pki-28e8977e2e99551cdb46f1d650118a3fdaf00a9a.tar.xz
pki-28e8977e2e99551cdb46f1d650118a3fdaf00a9a.zip
automation scripts for pki cert-find
Add new automation script pki-cert-cli-find-ca.sh modify Makefile and runtests.sh to include pki-cert-find automation
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dogtag/Makefile1
-rwxr-xr-xtests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh4235
-rwxr-xr-xtests/dogtag/runtest.sh7
3 files changed, 4243 insertions, 0 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 30dd867fb..638409166 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -103,6 +103,7 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-release-hold.sh
chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-hold.sh
chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-submit-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh
clean:
rm -f *~ $(BUILT_FILES)
diff --git a/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh
new file mode 100755
index 000000000..2ceb7c8ba
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh
@@ -0,0 +1,4235 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-cert-cli
+# Description: PKI CERT CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cert cli commands needs to be tested:
+# pki-cert-find
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi <mrniranjan@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-profile-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-cert-find-ca_tests()
+{
+
+ local CA_agentV_user=CA_agentV
+ local CA_auditV_user=CA_auditV
+ local CA_operatorV_user=CA_operatorV
+ local CA_adminV_user=CA_adminV
+ local CA_agentR_user=CA_agentR
+ local CA_adminR_user=CA_adminR
+ local CA_adminE_user=CA_adminE
+ local CA_agentE_user=CA_agentE
+ local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+ local i18n_user1_fullname="Örjan Äke $rand"
+ local i18n_user1="Örjan_Äke_$rand"
+ local i18n_user2_fullname="Éric Têko $rand"
+ local i18n_user2="Éric_Têko_$rand"
+ local i18n_user3_fullname="éénentwintig dvidešimt $rand"
+ local i18n_user3="éénentwintig_dvidešimt_$rand"
+ local i18n_user4_fullname="kakskümmend üks $rand"
+ local i18n_user4="kakskümmend_üks_$rand"
+ local i18n_user5_fullname="двадцять один тридцять $rand"
+ local i18n_user5="двадцять_один_тридцять_$rand"
+ local tmp_junk_data=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 200 | head -n 1)
+ local admin_cert_nickname="PKI Administrator for $CA_DOMAIN"
+ local target_host=$(hostname)
+ local target_port=8080
+
+ # Creating Temporary Directory for pki cert-show
+
+ rlPhaseStartSetup "pki cert-show Temporary Directory"
+ rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local temp_out="$TmpDir/cert-show.out"
+ local cert_info="$TmpDir/cert_info"
+ local cert_find_info="$TmpDir/cert_find_info"
+ local cert_req_info="$TmpDir/cert_req_info.out"
+ local exp="$TmpDir/expfile.out"
+ local expout="$TmpDir/exp_out"
+ local certout="$TmpDir/cert_out"
+ rlPhaseEnd
+
+ # pki cert cli config test
+ rlPhaseStartTest "pki_cert_cli-configtest: pki cert-show --help configuration test"
+ rlRun "pki cert-find --help > $TmpDir/cert-find.out 2>&1" 0 "pki cert-find --help"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$TmpDir/cert-find.out"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$TmpDir/cert-find.out"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$TmpDir/cert-find.out"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$TmpDir/cert-find.out"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$TmpDir/cert-find.out"
+ rlAssertGrep " CA" "$TmpDir/cert-find.out"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$TmpDir/cert-find.out"
+ rlAssertGrep " CA" "$TmpDir/cert-find.out"
+ rlAssertGrep " --country <name> Subject's country" "$TmpDir/cert-find.out"
+ rlAssertGrep " --email <email> Subject's email address" "$TmpDir/cert-find.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/cert-find.out"
+ rlAssertGrep " --input <file path> File containing the search" "$TmpDir/cert-find.out"
+ rlAssertGrep " constraints" "$TmpDir/cert-find.out"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$TmpDir/cert-find.out"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --locality <name> Subject's locality" "$TmpDir/cert-find.out"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$TmpDir/cert-find.out"
+ rlAssertGrep " provided" "$TmpDir/cert-find.out"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$TmpDir/cert-find.out"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$TmpDir/cert-find.out"
+ rlAssertGrep " --name <name> Subject's common name" "$TmpDir/cert-find.out"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$TmpDir/cert-find.out"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$TmpDir/cert-find.out"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --size <size> Page size" "$TmpDir/cert-find.out"
+ rlAssertGrep " --start <start> Page start" "$TmpDir/cert-find.out"
+ rlAssertGrep " --state <name> Subject's state" "$TmpDir/cert-find.out"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$TmpDir/cert-find.out"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$TmpDir/cert-find.out"
+ rlAssertGrep " REVOKED_EXPIRED" "$TmpDir/cert-find.out"
+ rlAssertGrep " --uid <user id> Subject's userid" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$TmpDir/cert-find.out"
+ rlAssertGrep " \"<=\" or \">=\"" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$TmpDir/cert-find.out"
+ rlAssertGrep " week, month (default), year" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$TmpDir/cert-find.out"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$TmpDir/cert-find.out"
+ rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/cert-find.out"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caUserCert with Netscape Extension nsCertEmail"
+ local tmp_profile=caUserCert
+ local tmp_new_user_profile=caUserCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_user_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_user_profile/" $TmpDir/$tmp_new_user_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_user_profile-Temp1.xml\" \"nsCertEmail\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_user_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_user_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_user_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-001: Verify no search results are returned with certTypeSecureEmail off when Netscape Ext. are not set ony any certs"
+ rlLog "Executing pki cert-find --certTypeSecureEmail off"
+ rlRun "pki cert-find --certTypeSecureEmail off 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-002: Verify no search results are returned with certTypeSecureEmail on when Netscape Ext. are not set on any certs"
+ rlLog "Executing pki cert-find --certTypeSecureEmail on"
+ rlRun "pki cert-find --certTypeSecureEmail on 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-003: Verify no search results are returned with certTypeSSLClient off when Netscape Ext. are not set ony any certs"
+ rlLog "Executing pki cert-find --certTypeSSLClient off"
+ rlRun "pki cert-find --certTypeSSLClient off 1> $cert_find_info"
+
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-004: Verify no search results are returned with certTypeSSLClient on when Netscape Ext. are not set on any certs"
+ rlLog "Executing pki cert-find --certTypeSSLClient on"
+ rlRun "pki cert-find --certTypeSSLClient on 1> $cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-005: Verify no search results are returned with certTypeSSLServer off when Netscape Ext. are not set ony any certs"
+ rlLog "Executing pki cert-find --certTypeSSLServer off"
+ rlRun "pki cert-find --certTypeSSLServer off 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-006: Verify no search results are returned with certTypeSSLServer on when Netscape Ext. are not set on any certs"
+ rlLog "Executing pki cert-find --certTypeSSLServer on"
+ rlRun "pki cert-find --certTypeSSLServer on 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-007: Verify no search results are returned with certTypeSubEmailCA off when Netscape Ext. are not set ony any certs"
+ rlLog "Executing pki cert-find --certTypeSubEmailCA off"
+ rlRun "pki cert-find --certTypeSubEmailCA off 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-008: Verify no search results are returned with certTypeSubEmailCA on when Netscape Ext. are not set on any certs"
+ rlLog "Executing pki cert-find --certTypeSubEmailCA on"
+ rlRun "pki cert-find --certTypeSubEmailCA on 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-009: Verify no search results are returned with certTypeSubSSLCA off when Netscape Ext. are not set ony any certs"
+ rlLog "Executing pki cert-find --certTypeSubSSLCA off"
+ rlRun "pki cert-find --certTypeSubSSLCA off 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0010: Verify no search results are returned with certTypeSubSSLCA on when Netscape Ext. are not set on any certs"
+ rlLog "Executing pki cert-find --certTypeSubSSLCA on"
+ rlRun "pki cert-find --certTypeSubSSLCA on 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0011: verify certs with nsCertEmail extension are returned with --certTypeSecureEmail on"
+ rlLog "Enroll a cert with nsCertEmail Extension"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_user_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlRun "pki cert-find -certTypeSecureEmail on 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Secure Email" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0012: verify No certs with nsCertEmail extension are returned with --certTypeSecureEmail off"
+ rlLog "Executing pki cert-find --certTypeSecureEmail off"
+ rlRun "pki cert-find --certTypeSecureEmail off 1> $cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0013: verify no certs are returned with --certTypeSecureEmail SomeJunkValue"
+ rlLog "Executing pki cert-find --certTypeSecureEmail \"$tmp_junk_data\""
+ rlRun "pki cert-find --certTypeSecureEmail \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0014: verify no certs are returned with when nothing is passed to --certTypeSecureEmail"
+ rlLog "Executing pki cert-find --certTypeSecureEmail"
+ rlRun "pki cert-find --certTypeSecureEmail >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: certTypeSecureEmail" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caServerCert with Netscape Extension nsCertSSLClient"
+ local tmp_profile=caServerCert
+ local tmp_new_sslclient_profile=caServerCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_sslclient_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_sslclient_profile/" $TmpDir/$tmp_new_sslclient_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_sslclient_profile-Temp1.xml\" \"nsCertSSLClient\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_sslclient_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_sslclient_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_sslclient_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0015: verify certs with nsCertSSLClient extension are returned with --certTypeSSLClient on"
+ rlLog "Enroll a cert with nsCertSSLClient Extension"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"host$rand.example.org\" \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_sslclient_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlRun "pki cert-find --certTypeSSLClient on --size 1000 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "SSL Client" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0016: verify No certs with nsCertSSLClient extension are returned with --certTypeSSLClient off"
+ rlLog "Executing pki cert-find --certTypeSSLClient off"
+ rlRun "pki cert-find --certTypeSSLClient off 1> $cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0017: verify no certs are returned with --certTypeSSLClient SomeJunkValue"
+ rlLog "Executing pki cert-find --certTypeSSLClient \"$tmp_junk_data\""
+ rlRun "pki cert-find --certTypeSSLClient \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0018: verify no certs are returned with when nothing is passed to --certTypeSSLClient"
+ rlLog "Executing pki cert-find --certTypeSSLClient"
+ rlRun "pki cert-find --certTypeSSLClient >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: certTypeSSLClient" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caServerCert with Netscape Extension nsCertSSLServer"
+ local tmp_profile=caServerCert
+ local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+ local tmp_new_sslserver_profile=caServerCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_sslserver_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_sslserver_profile/" $TmpDir/$tmp_new_sslserver_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_sslserver_profile-Temp1.xml\" \"nsCertSSLServer\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_sslserver_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_sslserver_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_sslserver_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0019: verify certs with nsCertSSLServer extension are returned with --certTypeSSLServer on"
+ rlLog "Enroll a cert with nsCertSSLServer Extension"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"server$rand.example.org\" \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_sslserver_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlRun "pki cert-find --certTypeSSLServer on --size 1000 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "SSL Server" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0020: verify No certs with nsCertSSLServer extension are returned with --certTypeSSLServer off"
+ rlLog "Executing pki cert-find --certTypeSSLServer off"
+ rlRun "pki cert-find --certTypeSSLServer off 1> $cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0021: verify no certs are returned with --certTypeSSLServer SomeJunkValue"
+ rlLog "Executing pki cert-find --certTypeSSLServer \"$tmp_junk_data\""
+ rlRun "pki cert-find --certTypeSSLServer \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0022: verify no certs are returned with when nothing is passed to --certTypeSSLServer"
+ rlLog "Executing pki cert-find --certTypeSSLServer"
+ rlRun "pki cert-find --certTypeSSLServer >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: certTypeSSLServer" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caServerCert with Netscape Extension nsCertSSLServer and nsCertSSLClient"
+ local tmp_profile=caServerCert
+ local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+ local tmp_new_server_client_profile=caServerCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_server_client_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_server_client_profile/" $TmpDir/$tmp_new_server_client_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_server_client_profile-Temp1.xml\" \"nsCertSSLServer\" \"nsCertSSLClient\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_server_client_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_server_client_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_server_client_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0023: verify certs with nsCertSSLServer & nsCertSSLClient extension are returned with --certTypeSSLServer on --certTypeSSLClient on"
+ rlLog "Enroll a cert with nsCertSSLServer Extension"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"server$rand.example.org\" \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_server_client_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlLog "Executing pki cert-find --certTypeSSLServer on --certTypeSSLClient on"
+ rlRun "pki cert-find --certTypeSSLServer on --certTypeSSLClient on --size 1000 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "SSL Server" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caOtherCert with Netscape Extension nsCertEmailCA"
+ local tmp_profile=caOtherCert
+ local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+ local tmp_new_emailca_profile=caOtherCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_emailca_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_emailca_profile/" $TmpDir/$tmp_new_emailca_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_emailca_profile-Temp1.xml\" \"nsCertEmailCA\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_emailca_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_emailca_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_emailca_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0024: verify certs with nsCertEmailCA extension are returned with --certTypeSubEmailCA on"
+ rlLog "Enroll a cert with nsCertEmailCA Extension"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"Example$rand CA\" \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_emailca_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlRun "pki cert-find --certTypeSubEmailCA on --size 1000 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Secure Email CA" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0025: verify No certs with nsCertEmailCA extension are returned with --certTypeSubEmailCA off"
+ rlLog "Executing pki cert-find --certTypeSubEmailCA off"
+ rlRun "pki cert-find --certTypeSubEmailCA off 1> $cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0026: verify no certs are returned with --certTypeSubEmailCA SomeJunkValue"
+ rlLog "Executing pki cert-find --certTypeSubEmailCA \"$tmp_junk_data\""
+ rlRun "pki cert-find --certTypeSubEmailCA \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0027: verify no certs are returned with when nothing is passed to --certTypeSubEmailCA"
+ rlLog "Executing pki cert-find --certTypeSubEmailCA"
+ rlRun "pki cert-find --certTypeSubEmailCA >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: certTypeSubEmailCA" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caOtherCert with Netscape Extension nsCertSSLCA"
+ local tmp_profile=caOtherCert
+ local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+ local tmp_new_sslca_profile=caOtherCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_sslca_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_sslca_profile/" $TmpDir/$tmp_new_sslca_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_sslca_profile-Temp1.xml\" \"nsCertSSLCA\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_sslca_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_sslca_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_sslca_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0028: verify certs with nsCertSSLCA extension are returned with --certTypeSubSSLCA on"
+ rlLog "Enroll a cert with nsCertSSLCA Extension"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"Example$rand CA\" \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_sslca_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlRun "pki cert-find --certTypeSubSSLCA on --size 1000 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "SSL CA" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0029: verify No certs with nsCertSSLServer extension are returned with --certTypeSubSSLCA off"
+ rlLog "Executing pki cert-find --certTypeSubSSLCA off"
+ rlRun "pki cert-find --certTypeSubSSLCA off 1> $cert_find_info"
+ rlAssertNotGrep "20 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0030: verify no certs are returned with --certTypeSubSSLCA SomeJunkValue"
+ rlLog "Executing pki cert-find --certTypeSubSSLCA \"$tmp_junk_data\""
+ rlRun "pki cert-find --certTypeSubSSLCA \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1047"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0031: verify no certs are returned with when nothing is passed to --certTypeSubSSLCA"
+ rlLog "Executing pki cert-find --certTypeSubSSLCA"
+ rlRun "pki cert-find --certTypeSubSSLCA >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: certTypeSubSSLCA" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Create a new profile based on caOtherCert with Netscape Extension nsCertEmailCA and nsCertSSLCA"
+ local tmp_profile=caOtherCert
+ local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+ local tmp_new_email_ssl_ca_profile=caOtherCert$rand
+ rlLog "Get $tmp_profile xml file"
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-show $tmp_profile --output $TmpDir/$tmp_new_email_ssl_ca_profile-Temp1.xml"
+ rlRun "sed -i s/"$tmp_profile"/"$tmp_new_email_ssl_ca_profile/" $TmpDir/$tmp_new_email_ssl_ca_profile-Temp1.xml"
+ rlRun "enable_netscape_ext \"$TmpDir/$tmp_new_email_ssl_ca_profile-Temp1.xml\" \"nsCertEmailCA\" \"nsCertSSLCA\""
+ rlRun "pki -d $CERTDB_DIR -n CA_adminV -c $CERTDB_DIR_PASSWORD ca-profile-add $TmpDir/$tmp_new_email_ssl_ca_profile-Temp1.xml 1> $TmpDir/cert-profile-add.out"
+ rlAssertGrep "Added profile $tmp_new_email_ssl_ca_profile" "$TmpDir/cert-profile-add.out"
+ rlRun "pki -d $CERTDB_DIR -n CA_agentV -c $CERTDB_DIR_PASSWORD ca-profile-enable $tmp_new_email_ssl_ca_profile"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0032: verify certs with nsCertSSLCA and nsCertEmail CA extension are returned with --certTypeSubSSLCA on --certTypeSubEmailCA on"
+ rlLog "Enroll a cert with nsCertSSLCA and nsCertEmailCA Extension"
+ rlLog "tmp_new_email_ssl_ca_profile = $tmp_new_email_ssl_ca_profile"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"Example$rand CA\" \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$tmp_new_email_ssl_ca_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+ rlLog "Executing pki cert-find --certTypeSubSSLCA on --certTypeSubEmailCA on --size 1000"
+ rlRun "pki cert-find --certTypeSubSSLCA on --certTypeSubEmailCA on --size 1000 1> $cert_find_info"
+ rlRun "pki cert-show $cert_serialNumber --pretty 1> $TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "Subject DN: $cert_requestdn" "$cert_find_info"
+ rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlAssertGrep "SSL CA" "$TmpDir/$cert_serialNumber-cert-show.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0033: verify certs which have Country US in subject name are returned with --country US"
+ rlLog "Executing pki cert-find --country US"
+ rlRun "pki cert-find --country US 1> $cert_find_info"
+ rlRun "cat $cert_find_info | grep \"Subject DN:\" | grep US" 0 "verify certs which have Country US in subject name"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0034: verify no certs are returned when junk value is passed to --country"
+ rlLog "Executing pki cert-find --country \"$tmp_junk_data\""
+ rlRun "pki cert-find --country \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0035: verify --country <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --country"
+ rlRun "pki cert-find --country >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: country" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0036: verify certs which have country US in subject name are returned with --country uS (case insensitive test)"
+ rlLog "Executing pki cert-find --country uS"
+ rlRun "pki cert-find --country uS 1> $cert_find_info"
+ rlRun "cat $cert_find_info | grep \"Subject DN:\" | grep US" 0 "verify certs which have Country US in subject name"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0037: search certs with specific email id and verify certs with that specific email id in Subject name are only returned"
+ rlLog "Generate a cert with subject name CN=Foo User$rand,UID=FooUser$rand,E=FooUser$rand@example.org,OU=FOO,O=Example.org,C=US"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"Foo User$rand\" \
+ subject_uid:FooUser$rand \
+ subject_email:FooUser$rand@example.org \
+ subject_ou:FOO subject_o:Example.org \
+ subject_c:US \
+ archive:false \
+ req_profile:caUserCert \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ rlLog "Executing pki cert-find --email FooUser$rand@example.org"
+ rlRun "pki cert-find --email FooUser$rand@example.org 1> $cert_find_info"
+ rlRun "cat $cert_find_info | grep \"Subject DN:\" | grep FooUser$rand@example.org" \
+ 0 "Verify search results return cert having E=FooUser$rand@example.org in subject"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0038: Multiple search: Search certs which matches specificy email, Country and has netscape Extension nsCertEmail"
+ rlLog "Generate a cert with subject name CN=FooNew User$rand,UID=FooNewUser$rand,E=FooNewUser$rand@example.org,OU=FOO,O=Example.org,C=IN"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"FooNew User$rand\" \
+ subject_uid:FooNewUser$rand \
+ subject_email:FooNewUser$rand@example.org \
+ subject_ou:FOO \
+ subject_o:Example.org \
+ subject_c:IN \
+ archive:false \
+ req_profile:$tmp_new_user_profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --certTypeSecureEmail on --country IN --email FooNewUser$rand@example.org"
+ rlRun "pki cert-find --certTypeSecureEmail on --country IN --email FooUser$rand@example.org 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0039: verify no certs are returned when junk value is passed to --email"
+ rlLog "Executing pki cert-find --email \"$tmp_junk_data\""
+ rlRun "pki cert-find --email \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0040: verify --email <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --email"
+ rlRun "pki cert-find --email >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: email" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0041: verify certs which have <SpecificEmailid@example.org> in subject name are returned with --email <specificemailid@example.org> (case insensitive test)"
+ rlLog "Executing pki cert-find --email foouser$rand@exampl.eorg"
+ rlRun "pki cert-find --email foouser$rand@example.org 1> $cert_find_info"
+ rlRun "cat $cert_find_info | grep \"Subject DN:\" | grep FooUser$rand@example.org" \
+ 0 "Verify cert having E=FooUser$rand@example.org in subjectDN is returned"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0042: verify certs which have special characters in email id are properly returned when searched with --email"
+ rlLog "Generate a cert with subject name CN=Foo User$rand 2,UID=FooUser$rand\.2,E=FooUser$rand\.2@example.org,OU=FOO,O=Example.org,C=US"
+ rlRun "generate_new_cert \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:pkcs10 \
+ algo:rsa \
+ key_size:1024 \
+ subject_cn:\"Foo User$rand 2\" \
+ subject_uid:FooUser$rand\.2 \
+ subject_email:FooUser$rand\.2@example.org \
+ subject_ou:FOO \
+ subject_o:Example.org \
+ subject_c:US \
+ archive:false \
+ req_profile:caUserCert \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ rlLog "Executing pki cert-find --email FooUser$rand\.2@example.org"
+ rlRun "pki cert-find --email FooUser$rand\.2@example.org 1> $cert_find_info"
+ rlRun "cat $cert_find_info | grep \"Subject DN:\" | grep FooUser$rand\.2@example.org" \
+ 0 "Verify Cert having E=FooUser$rand\.2@example.org in Subject Name is returned"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0043: Search certs issued by Admin user (caadmin)"
+ local profile_user=caadmin
+ rlLog "Executing pki cert-find --issuedBy $profile_user"
+ rlRun "pki cert-find --issuedBy $profile_user --size 1000 1> $cert_find_info"
+ local tmp_result=$(cat $cert_find_info | grep \"Issued By\" | grep -v $profile_user | wc -l)
+ if [ $tmp_result != 0 ]; then
+ rlFail "Search results include certs not issued by $profile_user"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0044: Search certs issued by Admin user (CA_agentV)"
+ local profile_user=CA_agentV
+ rlLog "Executing pki cert-find --issuedBy $profile_user"
+ rlRun "pki cert-find --issuedBy $profile_user --size 1000 1> $cert_find_info"
+ local tmp_result=$(cat $cert_find_info | grep \"Issued By\" | grep -v $profile_user | wc -l)
+ if [ $tmp_result != 0 ]; then
+ rlFail "Search results include certs not issued by $profile_user"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0045: search certs issued by system (system)"
+ local profile_user=system
+ rlLog "Executing pki cert-find --issuedBy $profile_user"
+ rlRun "pki cert-find --issuedBy $profile_user --size 1000 1> $cert_find_info"
+ local tmp_result=$(cat $cert_find_info | grep \"Issued By\" | grep -v $profile_user | wc -l)
+ if [ $tmp_result != 0 ]; then
+ rlFail "Search results include certs not issued by $profile_user"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartSetup "Setup a user with Agent privileges, Approve the certs and later delete the user"
+ local pki_user="pki_tmpuser_$rand"
+ local pki_user_fullName="PKI Temporary User $rand"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR -n \"$CA_adminV_user\" \
+ -c $CERTDB_DIR_PASSWORD ca-user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ rlLog "Generate cert for user $pki_user"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"$pki_user_fullName\" \
+ subject_uid:$pki_user \
+ subject_email:$pki_user@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlLog "Get the $pki_user cert in a output file"
+ rlRun "pki cert-show $cert_serialNumber --encoded --output $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-cert-show.out"
+ rlAssertGrep "Certificate \"$cert_serialNumber\"" "$TEMP_NSS_DB/pki-cert-show.out"
+ rlRun "pki cert-show 0x1 --encoded --output $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/ca-cert-show.out"
+ rlAssertGrep "Certificate \"0x1\"" "$TEMP_NSS_DB/ca-cert-show.out"
+ rlLog "Add the $pki_user cert to $TEMP_NSS_DB NSS DB"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PWD \
+ -n "$pki_user" client-cert-import \
+ --cert $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-client-cert.out"
+ rlAssertGrep "Imported certificate \"$pki_user\"" "$TEMP_NSS_DB/pki-client-cert.out"
+ rlLog "Get CA cert imported to $TEMP_NSS_DB NSS DB"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PWD \
+ -n \"CA Signing Certificate - $CA_DOMAIN Security Domain\" client-cert-import \
+ --ca-cert $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/pki-ca-cert.out"
+ rlAssertGrep "Imported certificate \"CA Signing Certificate - $CA_DOMAIN Security Domain\"" "$TEMP_NSS_DB/pki-ca-cert.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca user-cert-add $pki_user \
+ --input $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki_user_cert_add.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$admin_cert_nickname\" \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca group-member-add \"Certificate Manager Agents\" $pki_user > $TmpDir/pki-user-add-ca-group.out"
+ rlAssertGrep "Added group member \"$pki_user\"" "$TmpDir/pki-user-add-ca-group.out"
+ rlAssertGrep "User: $pki_user" "$TmpDir/pki-user-add-ca-group.out"
+ local i=1
+ local upperlimit=3
+ while [ $i -ne $upperlimit ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"Foo $rand User $i\" \
+ subject_uid:Foo-$rand-User$i \
+ subject_email:Foo-$rand-User$i@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c:FR \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$TEMP_NSS_DB \
+ cert_db_pwd:$TEMP_NSS_DB_PWD certdb_nick:\"$pki_user\" cert_info:$cert_info"
+ let i=$i+1
+ done
+ rlLog "Delete user $pki_user"
+ rlRun "pki -d $CERTDB_DIR -n \"$admin_cert_nickname\" -c $CERTDB_DIR_PASSWORD ca-user-del $pki_user 1> $TmpDir/delete-user-$pki_user.out"
+ rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/delete-user-$pki_user.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0046: search certs issued by deleted Agent user"
+ local profile_user=$pki_user
+ rlLog "Executing pki cert-find --issuedBy $profile_user"
+ rlRun "pki cert-find --issuedBy $profile_user --size 1000 1> $cert_find_info"
+ local tmp_result=$(cat $cert_find_info | grep \"Issued By\" | grep -v $profile_user | wc -l)
+ if [ $tmp_result != 0 ]; then
+ rlFail "Search results include certs not issued by $profile_user"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0047: verify no certs are returned when junk value is passed to --issuedBy"
+ rlLog "Executing pki cert-find --issuedBy \"$tmp_junk_data\""
+ rlRun "pki cert-find --issuedBy \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0048: verify --issuedBy <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --issuedBy"
+ rlRun "pki cert-find --issuedBy >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: issuedBy" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0049: Multiple Searches: search certs having specific emailid ,country and issued by Agent which no longer exists"
+ rlLog "Executing pki cert-find --email Foo-$rand-User1@example.org --country FR --issuedBy pki_tmpuser_$rand"
+ rlRun "pki cert-find --email Foo-$rand-User1@example.org --country FR --issuedBy pki_tmpuser_$rand 1> $cert_find_info"
+ rlAssertGrep "Foo-$rand-User1@example.org" "$cert_find_info"
+ rlAssertGrep "C=FR" "$cert_find_info"
+ rlAssertGrep "Issued By: pki_tmpuser_$rand" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0050: search certs with which are issued from Current date --issuedOnFrom <YYYY-MM-DD>"
+ local tmp_cur_date=$(date +%Y-%m-%d)
+ rlLog "Generate 5 Certs"
+ local i=1
+ local upperlimit=6
+ while [ $i -ne $upperlimit ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"PKI $rand User $i\" \
+ subject_uid:pki-$rand-User$i \
+ subject_email:pki-$rand-User$i@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ let i=$i+1
+ done
+ rlRun "pki cert-find --issuedOnFrom $tmp_cur_date --size 1000 1> $cert_find_info"
+ local find_tmp_result1=$(cat $cert_find_info | grep "Not Valid Before" | awk -F "Not Valid Before: " '{print $2}' | grep -v "$(date +%b\ %d)" | wc -l)
+ local find_tmp_result2=$(cat $cert_find_info | grep "Not Valid Before" | awk -F "Not Valid Before: " '{print $2}' | grep -v "$(date +%Y)" | wc -l)
+ if [ $find_tmp_result1 != 0 && $find_temp_result!=0 ]; then
+ rlFail "Search results include certs not issued by $tmp_cur_date"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0051: verify no certs are returned when invalid date is passed to --issuedOnFrom"
+ local tmp_cur_date=$(date +%d-%Y-%m)
+ rlRun "pki cert-find --issuedOnFrom $tmp_cur_date --size 1000 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0052: verify no certs are returned when junk value is passed to --issuedOnFrom"
+ rlLog "Executing pki cert-find --issuedOnFrom \"$tmp_junk_data\""
+ rlRun "pki cert-find --issuedOnFrom \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0053: verify --issuedOnFrom <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --issuedOnFrom"
+ rlRun "pki cert-find --issuedOnFrom >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: issuedOnFrom" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0054: Test-1:search certs with which are issued from Current date --issuedOnTo <YYYY-MM-DD> and verify results returned have certs issued till today"
+ local tmp_cur_date=$(date +%Y-%m-%d)
+ local cur_date=$(date)
+ local end_date=$(date --date='1 day')
+ rlLog "Generate a cert on a future date, which should not show up on pki cert-find --issuedOnTo $tmp_cur_date"
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "Generate certs which will be valid from next day $(date +%d --date='1 day')"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:server$rand\.example.org \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_org: \
+ subject_c:US \
+ archive:false \
+ req_profile:caServerCert \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Set the date back to it\'s original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "pki cert-find --issuedOnTo $tmp_cur_date --size 1000 1> $cert_find_info"
+ local find_tmp_result1=$(cat $cert_find_info | grep "Not Valid Before" | awk -F "Not Valid Before: " '{print $2}' | grep "$(date +%b --date='1 month')" | wc -l)
+ local find_tmp_result2=$(cat $cert_find_info | grep "Not Valid Before" | awk -F "Not Valid Before: " '{print $2}' | grep "$(date +%d --date='1 day')" | wc -l)
+ if [[ $find_tmp_result1 != 0 ]] && [[ $find_temp_result2 != 0 ]] ; then
+ rlFail "Search results include certs that have been issued after $tmp_cur_date"
+ fi
+ rlAssertNotGrep "$cert_serialNumber" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0055: verify no certs are returned when invalid date is passed to --issuedOnTo"
+ local tmp_fail_cur_date=$(date +%Y-%d-%m)
+ rlRun "pki cert-find --issuedOnTo $tmp_fail_cur_date --size 1000 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0056: verify no certs are returned when junk value is passed to --issuedOnTo"
+ rlLog "Executing pki cert-find --issuedOnTo \"$tmp_junk_data\""
+ rlRun "pki cert-find --issuedOnTo \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0057: verify --issuedOnTo <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --issuedOnTo"
+ rlRun "pki cert-find --issuedOnTo >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: issuedOnTo" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0058: Multiple Searches: search certs having specific emailid ,country, appproved by specific agent on specific date"
+ rlLog "Executing pki cert-find --email Foo-$rand-User1@example.org --country FR --issuedBy pki_tmpuser_$rand --issuedOnTo $tmp_cur_date"
+ rlRun "pki cert-find --email Foo-$rand-User1@example.org --country FR --issuedBy pki_tmpuser_$rand --issuedOnTo $tmp_cur_date 1> $cert_find_info"
+ rlAssertGrep "Foo-$rand-User1@example.org" "$cert_find_info"
+ rlAssertGrep "C=FR" "$cert_find_info"
+ rlAssertGrep "Issued By: pki_tmpuser_$rand" "$cert_find_info"
+ rlAssertGrep "Issued On: $(date +%a\ %b\ %d)" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0059: search and return all certs which have serial Number less than or equal to specific serial Number using --maxSerialNumber"
+ local max_serial_number=0xf
+ rlLog "Executing pki cert-find --maxSerialNumber $max_serial_number"
+ rlRun "pki cert-find --maxSerialNumber $max_serial_number 1> $cert_find_info"
+ local strip_hex_serialNumber=$(echo $max_serial_number | cut -dx -f2)
+ local conv_upp_val=${strip_hex_serialNumber^^}
+ local decimal_valid_serialNumber=$(echo "ibase=16;$conv_upp_val"|bc)
+ rlAssertGrep "Number of entries returned $decimal_valid_serialNumber" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0060: search and return all certs which have serialNumber less than or equal to specific serial Number using --maxSerialNumber <decimalNumber>"
+ local max_serial_number=15
+ rlLog "Executing pki cert-find --maxSerialNumber $max_serial_number"
+ rlRun "pki cert-find --maxSerialNumber $max_serial_number 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned $max_serial_number" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0061: verify no certs are returned when junk value is passed to --maxSerialNumber"
+ rlLog "Executing pki cert-find --maxSerialNumber \"$tmp_junk_data\""
+ rlRun "pki cert-find --maxSerialNumber \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "ParseException: Unparseable serialNumber \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0062: verify --maxSerialNumber <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --maxSerialNumber"
+ rlRun "pki cert-find --maxSerialNumber >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: maxSerialNumber" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0063: search and return all certs which have serial Number equal to more than specific serial Number using --minSerialNumber"
+ local min_serial_number=0xf
+ rlLog "Executing pki cert-find --minSerialNumber $min_serial_number"
+ rlRun "pki cert-find --maxSerialNumber $min_serial_number 1> $cert_find_info"
+ local strip_hex_serialNumber=$(echo $min_serial_number | cut -dx -f2)
+ local conv_upp_val=${strip_hex_serialNumber^^}
+ local decimal_valid_serialNumber=$(echo "ibase=16;$conv_upp_val"|bc)
+ rlAssertGrep "Number of entries returned $decimal_valid_serialNumber" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0064: search and return all certs which have serialNumber more than or equal to specific serial Number using --minSerialNumber <decimalNumber>"
+ local min_serial_number=15
+ rlLog "Executing pki cert-find --maxSerialNumber $min_serial_number"
+ rlRun "pki cert-find --maxSerialNumber $min_serial_number 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned $min_serial_number" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0065: verify no certs are returned when junk value is passed to --minSerialNumber"
+ rlLog "Executing pki cert-find --minSerialNumber \"$tmp_junk_data\""
+ rlRun "pki cert-find --minSerialNumber \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "ParseException: Unparseable serialNumber \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0066: verify --minSerialNumber <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --minSerialNumber"
+ rlRun "pki cert-find --minSerialNumber >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: minSerialNumber" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0067: search certs with valid common name using --name"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"IDM User $rand\" \
+ subject_uid:idmuser$rand \
+ subject_email:IdmUser$rand@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"IDM User $rand\""
+ rlRun "pki cert-find --name \"IDM User $rand\" 1> $cert_find_info"
+ rlAssertGrep "CN=IDM User $rand" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0068: search certs with valid common name using --name(case insensitive test)"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"IDM QAUser $rand\" \
+ subject_uid:idmQAuser$rand \
+ subject_email:IdmQAUser$rand@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"idm qauser $rand\""
+ rlRun "pki cert-find --name \"idm qaUser $rand\" 1> $cert_find_info"
+ rlAssertGrep "CN=IDM QAUser $rand" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0069: Test-1: search certs with common name having i18n characters using --name"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"$i18n_user1_fullname\" \
+ subject_uid:$i18n_user1 \
+ subject_email:test@example.org \
+ subject_ou:ExampleQE1 \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"$i18n_user1_fullname\""
+ rlRun "pki cert-find --name \"$i18n_user1_fullname\" 1> $cert_find_info"
+ rlAssertGrep "CN=$i18n_user1_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0070: Test-2: search certs with common name having i18n characters using --name"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"$i18n_user2_fullname\" \
+ subject_uid:$i18n_user2 \
+ subject_email:test@example.org \
+ subject_ou:ExampleQE2 \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"$i18n_user2_fullname\""
+ rlRun "pki cert-find --name \"$i18n_user2_fullname\" 1> $cert_find_info"
+ rlAssertGrep "CN=$i18n_user2_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0071: Test-3: search certs with common name having i18n characters using --name"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"$i18n_user3_fullname\" \
+ subject_uid:$i18n_user3 \
+ subject_email:test@example.org \
+ subject_ou:ExampleQE3 \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"$i18n_user3_fullname\""
+ rlRun "pki cert-find --name \"$i18n_user3_fullname\" 1> $cert_find_info"
+ rlAssertGrep "CN=$i18n_user3_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0072: Test-4: search certs with common name having i18n characters using --name"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"$i18n_user4_fullname\" \
+ subject_uid:$i18n_user4 \
+ subject_email:test@example.org \
+ subject_ou:ExampleQE4 \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"$i18n_user4_fullname\""
+ rlRun "pki cert-find --name \"$i18n_user4_fullname\" 1> $cert_find_info"
+ rlAssertGrep "CN=$i18n_user4_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0073: Test-5: search certs with common name having i18n characters using --name"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"$i18n_user5_fullname\" \
+ subject_uid:$i18n_user5 \
+ subject_email:test@example.org \
+ subject_ou:ExampleQE5 \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --name \"$i18n_user5_fullname\""
+ rlRun "pki cert-find --name \"$i18n_user5_fullname\" 1> $cert_find_info"
+ rlAssertGrep "CN=$i18n_user5_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0074: search certs with common name using --name and --matchExactly"
+ rlLog "Generate Temporary Cert with subject Name:UID=pkiqa$rand\user,E=pkiqa$rand\user@example.org,CN=PKIQA $rand User"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"PKIQA $rand User\" \
+ subject_uid:pkiqa$rand\User \
+ subject_email:pkiqa$rand\User@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Generate 5 Certs with subject Names:UID=pkiqa$rand{user}$i,E=pkiqa$rand{user}$i@example.org,CN=PKIQA $rand User$i"
+ local i=1
+ local upperlimit=3
+ while [ $i -ne $upperlimit ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"PKIQA $rand User$i\" \
+ subject_uid:pkiqa$rand\User$i \
+ subject_email:pkiqa$rand\User$i@example.org \
+ subject_ou: \
+ subject_o:Foo.Org \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ let i=$i+1
+ done
+ rlLog "Executing pki cert-find --name \"PKIQA $rand User\" --matchExactly"
+ rlRun "pki cert-find --name \"PKIQA $rand User\" --matchExactly 1> $cert_find_info"
+ rlAssertGrep "CN=PKIQA $rand User" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0075: verify no certs are returned when junk value is passed to --name"
+ rlLog "Executing pki cert-find --name \"$tmp_junk_data\""
+ rlRun "pki cert-find --name \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0076: verify --name <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --name"
+ rlRun "pki cert-find --name >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: name" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0077: search certs with valid user id using --uid"
+ rlLog "Executing pki cert-find --uid idmuser$rand"
+ rlRun "pki cert-find --uid idmuser$rand 1> $cert_find_info"
+ rlAssertGrep "UID=idmuser$rand" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0078: search certs with valid user id using --uid(case insensitive test)"
+ rlLog "Executing pki cert-find --uid idmqauser$rand"
+ rlRun "pki cert-find --uid idmqauser$rand 1> $cert_find_info"
+ rlAssertGrep "UID=idmQAuser$rand" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0079: Test-1: search certs with user id having i18n characters using --uid"
+ rlLog "Executing pki cert-find --uid $i18n_user1"
+ rlRun "pki cert-find --uid $i18n_user1 1> $cert_find_info"
+ rlAssertGrep "UID=$i18n_user1" "$cert_find_info"
+ rlAssertGrep "CN=$i18n_user1_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0080: Test-2: search certs with user id having i18n characters using --uid"
+ rlLog "Executing pki cert-find --uid $i18n_user2"
+ rlRun "pki cert-find --uid $i18n_user2 1> $cert_find_info"
+ rlAssertGrep "UID=$i18n_user2" "$cert_find_info"
+ rlAssertGrep "CN=$i18n_user2_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0081: Test-3: search certs with user id having i18n characters using --uid"
+ rlLog "Executing pki cert-find --uid $i18n_user3"
+ rlRun "pki cert-find --uid $i18n_user3 1> $cert_find_info"
+ rlAssertGrep "UID=$i18n_user3" "$cert_find_info"
+ rlAssertGrep "CN=$i18n_user3_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0082: Test-4: search certs with user id having i18n characters using --uid"
+ rlLog "Executing pki cert-find --uid $i18n_user4"
+ rlRun "pki cert-find --uid $i18n_user4 1> $cert_find_info"
+ rlAssertGrep "UID=$i18n_user4" "$cert_find_info"
+ rlAssertGrep "CN=$i18n_user4_fullname" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0083: Test-5: search certs with user id having i18n characters using --uid"
+ rlLog "Executing pki cert-find --name $i18n_user5"
+ rlRun "pki cert-find --uid $i18n_user5 1> $cert_find_info"
+ rlAssertGrep "CN=$i18n_user5_fullname" "$cert_find_info"
+ rlAssertGrep "UID=$i18n_user5" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0084: search certs with common name using --name and --matchExactly"
+ rlLog "Executing pki cert-find --uid pkiqa$rand\User --matchExactly"
+ rlRun "pki cert-find --uid pkiqa$rand\User --matchExactly 1> $cert_find_info"
+ rlAssertGrep "UID=pkiqa$rand\User" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0085: Multiple Searches: search certs with match specific CN, OrganizationUnit and email id"
+ rlLog "Executing pki cert-find --name "$i18n_user1_fullname" --orgUnit ExampleQE1 --email test@example.org --matchExactly"
+ rlRun "pki cert-find --name \"$i18n_user1_fullname\" --orgUnit ExampleQE1 --email test@example.org --matchExactly 1> $cert_find_info"
+ rlAssertGrep "E=test@example.org" "$cert_find_info"
+ rlAssertGrep "CN=$i18n_user1_fullname" "$cert_find_info"
+ rlAssertGrep "OU=ExampleQE1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0086: verify no certs are returned when junk value is passed to --uid"
+ rlLog "Executing pki cert-find --uid \"$tmp_junk_data\""
+ rlRun "pki cert-find --uid \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0087: verify --uid <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --uid"
+ rlRun "pki cert-find --uid >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: uid" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0088: search certs with valid organization name using --org"
+ local tmp_org="Example Organization $rand"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o:\"$tmp_org\" \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --org \"$tmp_org\""
+ rlRun "pki cert-find --org \"$tmp_org\" 1> $cert_find_info"
+ rlAssertGrep "O=$tmp_org" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0089: search certs with valid organization name using --org(case In-sensitive)"
+ local case_tmp_org="example orGANizaTION $rand"
+ rlLog "Executing pki cert-find --org \"$case_tmp_org\""
+ rlRun "pki cert-find --org \"$case_tmp_org\" 1> $cert_find_info"
+ rlAssertGrep "O=$tmp_org" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0090: verify no certs are returned when junk value is passed to --org"
+ rlLog "Executing pki cert-find --org \"$tmp_junk_data\""
+ rlRun "pki cert-find --org \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0091: verify --org <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --org"
+ rlRun "pki cert-find --org >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: org" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0092: search certs with valid organization name using --orgUnit"
+ local tmp_org_unit="Organization Unit $rand"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou:\"$tmp_org_unit\" \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ rlLog "Executing pki cert-find --orgUnit \"$tmp_org_unit\""
+ rlRun "pki cert-find --orgUnit \"$tmp_org_unit\" 1> $cert_find_info"
+ rlAssertGrep "OU=$tmp_org_unit" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0093: search certs with valid organization name using --orgUnit(case In-sensitive)"
+ local case_tmp_org_unit="orGANizaTION UNIT $rand"
+ rlLog "Executing pki cert-find --orgUnit \"$case_tmp_org_unit\""
+ rlRun "pki cert-find --orgUnit \"$case_tmp_org_unit\" 1> $cert_find_info"
+ rlAssertGrep "OU=$tmp_org_unit" "$cert_find_info"
+ rlAssertGrep "Number of entries returned 1" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0094: verify no certs are returned when junk value is passed to --orgUnit"
+ rlLog "Executing pki cert-find --orgUnit \"$tmp_junk_data\""
+ rlRun "pki cert-find --orgUnit \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0095: verify --orgUnit <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --orgUnit"
+ rlRun "pki cert-find --orgUnit >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: orgUnit" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0096: search certs which have been revoked with reason unspecified using --revocationReason unspecified"
+ local tmp_revoke_reason=unspecified
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0097: search certs which have been revoked with reason Key_Compromise using --revocationReason Key_Compromise"
+ local tmp_revoke_reason=Key_Compromise
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0098: search certs which have been revoked with reason CA_Compromise using --revocationReason CA_Compromise"
+ local tmp_revoke_reason=CA_Compromise
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0099: search certs which have been revoked with reason Affiliation_Changed using --revocationReason Affiliation_Changed"
+ local tmp_revoke_reason=Affiliation_Changed
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_cert_find-0100: search certs which have been revoked with reason Superseded using --revocationReason Superseded"
+ local tmp_revoke_reason=Superseded
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0101: search certs which have been revoked with reason Cessation_of_Operation using --revocationReason Cessation_of_Operation"
+ local tmp_revoke_reason=Cessation_of_Operation
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0102: search certs which have been revoked with reason Certificate_Hold using --revocationReason Certificate_Hold"
+ local tmp_revoke_reason=Certificate_Hold
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Placed certificate \"$cert_serialNumber\" on-hold" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0103: search certs which have been revoked with reason Privilege_Withdrawn using --revocationReason Privilege_Withdrawn"
+ local tmp_revoke_reason=Privilege_Withdrawn
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason 1> $cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1053"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0104: search certs which have been revoked with reason unspecified (Numeric Code 0) using --revocationReason 0"
+ local tmp_revoke_reason=unspecified
+ local tmp_revoke_reason_code=0
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0105: search certs which have been revoked with reason Key_Compromise (Numeric code 1) using --revocationReason 1"
+ local tmp_revoke_reason=Key_Compromise
+ local tmp_revoke_reason_code=1
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0106: search certs which have been revoked with reason CA_Compromise(Numeric code 2) using --revocationReason 2"
+ local tmp_revoke_reason=CA_Compromise
+ local tmp_revoke_reason_code=2
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0107: search certs which have been revoked with reason Affiliation_Changed(Numeric code 3) using --revocationReason 3"
+ local tmp_revoke_reason=Affiliation_Changed
+ local tmp_revoke_reason_code=3
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0108: search certs which have been revoked with reason Superseded(Numeric Code 4) using --revocationReason 4"
+ local tmp_revoke_reason=Superseded
+ local tmp_revoke_reason_code=4
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0109: search certs which have been revoked with reason Cessation_of_Operation(Numeric Code 5) using --revocationReason 5"
+ local tmp_revoke_reason=Cessation_of_Operation
+ local tmp_revoke_reason_code=5
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0110: search certs which have been revoked with reason Certificate_Hold(Numeric Code 6) using --revocationReason 6"
+ local tmp_revoke_reason=Certificate_Hold
+ local tmp_revoke_reason_code=6
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Placed certificate \"$cert_serialNumber\" on-hold" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0111: search certs which have been revoked with reason Privilege_Withdrawn(Numeric Code 9) using --revocationReason 9"
+ local tmp_revoke_reason=Privilege_Withdrawn
+ local tmp_revoke_reason_code=9
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revocationReason $tmp_revoke_reason_code"
+ rlRun "pki cert-find --revocationReason $tmp_revoke_reason_code --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0112: verify no certs are returned when junk value is passed to --revocationReason"
+ rlLog "Executing pki cert-find --revocationReason \"$tmp_junk_data\""
+ rlRun "pki cert-find --revocationReason \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0113: verify --revocationReason <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --revocationReason"
+ rlRun "pki cert-find --revocationReason >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: revocationReason" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0114: search certs which have been revoked by Admin User using --revokedBy caadmin"
+ local tmp_revoked_user=caadmin
+ local tmp_revoke_reason=unspecified
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$admin_cert_nickname\" \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revokedBy $tmp_revoked_user --minSerialNumber $cert_serialNumber"
+ rlRun "pki cert-find --revokedBy $tmp_revoked_user --minSerialNumber $cert_serialNumber $1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1054"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0115: search certs which have been revoked by Agent User using --revokedBy CA_agentV"
+ local tmp_revoked_user=CA_agentV
+ local tmp_revoke_reason=Key_Compromise
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn: \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n $tmp_revoked_user \
+ cert-revoke $cert_serialNumber --force --reason $tmp_revoke_reason 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --revokedBy $tmp_revoked_user --minSerialNumber $cert_serialNumber"
+ rlRun "pki cert-find --revokedBy $tmp_revoked_user --minSerialNumber $cert_serialNumber 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1054"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0116: search certs which have been revoked by agent CA_agentV --revoked CA_agentV(case-insensitive)"
+ tmp_revoked_user=CA_aGENTv
+ rlLog "Executing pki cert-find --revokedBy $tmp_revoked_user --size 1000"
+ rlRun "pki cert-find --revokedBy $tmp_revoked_user --size 1000 1> $cert_find_info"
+ rlAssertGrep "Number of entries" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0117: verify no certs are returned when junk value is passed to --revocationReason"
+ rlLog "Executing pki cert-find --name \"$tmp_junk_data\""
+ rlRun "pki cert-find --revocationReason \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0118: verify --revocationReason <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --revocationReason"
+ rlRun "pki cert-find --revocationReason >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: revocationReason" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0119: search certs with which have been revoked from Current date --revokedOnFrom <YYYY-MM-DD>"
+ local tmp_cur_date=$(date +%Y-%m-%d)
+ rlLog "Generate 3 Certs"
+ local i=1
+ local upperlimit=4
+ while [ $i -ne $upperlimit ] ; do
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:\"PKI Revocation $rand User $i\" \
+ subject_uid:pkirev-$rand-User$i \
+ subject_email:pkirev-$rand-User$i@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile: \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason unspecified 1> $expout" 0
+ let i=$i+1
+ done
+ rlRun "pki cert-find --revokedOnFrom $tmp_cur_date --size 1000 1> $cert_find_info"
+ rlAssertGrep "Number of entries" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlLog "PKI TICKET:: https//fedorahosted.org/pki/ticket/1055"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0120: verify no certs are returned when invalid date is passed to --revokedOnFrom"
+ local tmp_fail_cur_date=$(date +%d-%Y-%m)
+ rlRun "pki cert-find --revokedOnFrom $tmp_fail_cur_date --size 1000 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0121: verify no certs are returned when junk value is passed to --revokedOnFrom"
+ rlLog "Executing pki cert-find --revokedOnFrom \"$tmp_junk_data\""
+ rlRun "pki cert-find --revokedOnFrom \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0122: verify --revokedOnFrom <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --revokedOnFrom"
+ rlRun "pki cert-find --revokedOnFrom >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: revokedOnFrom" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0123: search revoked certs which are issued from Current date --revokedOnTo <YYYY-MM-DD>"
+ local tmp_cur_date=$(date +%Y-%m-%d)
+ rlRun "pki cert-find --revokedOnTo $tmp_cur_date --size 1000 1> $cert_find_info"
+ rlAssertNotGrep "Status: VALID" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0124: Test-1 verify no revoked certs are returned when invalid date is passed to --revokedOnTo YYYY-DD-MM"
+ local tmp_cur_date=$(date +%Y-28-%m)
+ rlLog "Executing pki cert-find --revokedOnTo $tmp_cur_date"
+ rlRun "pki cert-find --revokedOnTo $tmp_cur_date --size 1000 1> $cert_find_info"
+ rlAssertNotGrep "Status: Revoked" "$cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0125: Test-2 verify no revoked certs are returned when invalid date is passed to --revokedOnTo 2048-22-06"
+ local tmp_cur_date=2048-22-06
+ rlLog "Executing pki cert-find --revokedOnTo $tmp_cur_date"
+ rlRun "pki cert-find --revokedOnTo $tmp_cur_date --size 1000 1> $cert_find_info"
+ rlAssertNotGrep "Status: Revoked" "$cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0126: verify no revoked certs are returned when junk value is passed to --revokedOnTo"
+ rlLog "Executing pki cert-find --revokedOnTo \"$tmp_junk_data\""
+ rlRun "pki cert-find --revokedOnTo \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0127: verify --revokedOnTo <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --revokedOnTo"
+ rlRun "pki cert-find --revokedOnTo >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: revokedOnTo" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0128: return a fixed number of search results using --size <validNumber>"
+ local tmp_search_size=15
+ rlLog "Executing pki cert-find --size $tmp_search_size"
+ rlRun "pki cert-find --size $tmp_search_size 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned $tmp_search_size" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0129: verify if search results are returned if a very large number is passed to --size"
+ local tmp_search_size=$(cat /dev/urandom | tr -dc '0-9' | fold -w 20 | head -n 1)
+ rlLog "Executing pki cert-find --size $tmp_search_size"
+ rlRun "pki cert-find --size $tmp_search_size > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "NumberFormatException: For input string: \"$tmp_search_size\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0130: verify no search results are returned when junk value is passed to --size"
+ rlLog "Executing pki cert-find --size \"$tmp_junk_data\""
+ rlRun "pki cert-find --size \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "NumberFormatException: For input string: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0131: verify --size <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --size"
+ rlRun "pki cert-find --size >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: size" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0132: return a fixed number of search results using --size <validNumber> starting with serialNumber 0x6"
+ local tmp_search_size=15
+ local tmp_start_from=$(expr 5 + 1)
+ rlLog "Executing pki cert-find --size $tmp_search_size --start $tmp_start_from"
+ rlRun "pki cert-find --size $tmp_search_size 1> $cert_find_info"
+ local cert_start_serialNumber=0x$(echo "obase=16;$tmp_start_from"|bc)
+ rlAssertGrep "Serial Number: $cert_start_serialNumber" "$cert_find_info"
+ rlAssertGrep "Number of entries returned $tmp_search_size" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0133: verify no search results are returned when junk value is passed to --start"
+ rlLog "Executing pki cert-find --start \"$tmp_junk_data\""
+ rlRun "pki cert-find --start \"$tmp_junk_data\" 2> $cert_find_info" 1,255
+ rlAssertGrep "NumberFormatException: For input string: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0134: verify --start <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --start"
+ rlRun "pki cert-find --start >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: start" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0135: search certs that have valid Name of the state in subject Name using --state"
+ local tmp_cert_state="North Carolina"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:server$rand\.example.org \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_org: \
+ subject_c:US \
+ archive:false \
+ req_profile:caServerCert \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --state North Carolina"
+ rlRun "pki cert-find --state \"$tmp_cert_state\" 1> $cert_find_info"
+ rlRun "echo $cert_subject | grep \"$tmp_cert_state\""
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0136: verify no search results are returned when junk value is passed to --state"
+ rlLog "Executing pki cert-find --state \"$tmp_junk_data\""
+ rlRun "pki cert-find --state \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0137: verify --state <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --state"
+ rlRun "pki cert-find --state >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: state" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0138: search certs that have valid localit Name subject Name of the cert using --locality"
+ local tmp_cert_locality="Raleigh"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa \
+ key_size:2048 \
+ subject_cn:server$rand\.example.org \
+ subject_uid: \
+ subject_email: \
+ subject_ou: \
+ subject_org: \
+ subject_c:US \
+ archive:false \
+ req_profile:caServerCert \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --locality North Carolina"
+ rlRun "pki cert-find --locality \"$tmp_cert_locality\" 1> $cert_find_info"
+ rlRun "echo $cert_subject | grep $tmp_cert_locality"
+ rlAssertGrep "$tmp_cert_locality" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlAssertNotGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0139: verify no search results are returned when junk value is passed to --locality"
+ rlLog "Executing pki cert-find --state \"$tmp_junk_data\""
+ rlRun "pki cert-find --locality \"$tmp_junk_data\" 1> $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlAssertNotGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0140: verify --locality <novalue> returns error and command help is returned"
+ rlLog "Executing pki cert-find --locality"
+ rlRun "pki cert-find --locality >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: locality" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0141: search all certs with status VALID"
+ local tmp_cert_status=VALID
+ rlLog "Executing pki cert-find --state $tmp_cert_status"
+ rlRun "pki cert-find --status $tmp_cert_status 1> $cert_find_info"
+ rlAssertGrep "Status: $tmp_cert_status" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0142: search all certs with status REVOKED"
+ local tmp_cert_status=REVOKED
+ rlLog "Executing pki cert-find --state $tmp_cert_status"
+ rlRun "pki cert-find --status $tmp_cert_status 1> $cert_find_info"
+ rlAssertGrep "Status: $tmp_cert_status" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0143: search all certs with status REVOKED_EXPIRED"
+ local validityperiod="1 day"
+ local tmp_cert_status=REVOKED_EXPIRED
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn: \
+ uid: \
+ email: \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 3 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentV_user\" \
+ cert-revoke $cert_serialNumber --force --reason Key_Compromise 1> $expout" 0
+ rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+ rlAssertGrep "Issuer: CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain" "$expout"
+ rlAssertGrep "Status: REVOKED" "$expout"
+ rlLog "Executing pki cert-find --state $tmp_cert_status"
+ rlRun "pki cert-find --status $tmp_cert_status 1> $cert_find_info"
+ rlAssertGrep "Status: $tmp_cert_status" "$cert_find_info"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0144: Search certs which have validity period of 1 day"
+ local validityperiod="1 day"
+ local validitycount="1"
+ local validityoperation="<="
+ local validityunit="day"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn:\"Test User1 $rand\" \
+ uid:testuser1_$rand \
+ email:testuser1_$rand@example.org \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0145: Search certs which have validity period of 7 days"
+ local validityperiod="7 days"
+ local validitycount="1"
+ local validityoperation="<="
+ local validityunit="week"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn:\"Test User2 $rand\" \
+ uid:testuser2_$rand \
+ email:testuser2_$rand@example.org \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0146: Search certs which have validity period of less than a 1 year"
+ local validityperiod="315 days"
+ local validitycount="1"
+ local validityoperation="<="
+ local validityunit="year"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn:\"Test User3 $rand\" \
+ uid:testuser3_$rand \
+ email:testuser3_$rand@example.org \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0147: Search certs which have validity period of more than a 3 months"
+ local invalidperiod="90 days"
+ local validityperiod="95 days"
+ local validitycount="3"
+ local validityoperation=">="
+ local validityunit="month"
+ local invalid_cert_info="$TmpDir/invalid_cert_info"
+ rlLog "Generate cert with validity period of $invalidperiod"
+ rlRun "generate_modified_cert validity_period:\"$invalidperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn:\"Test User4 $rand\" \
+ uid:testuser4_$rand \
+ email:testuser4_$rand@example.org \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local invalid_cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlLog "invalid_cert_serialNumber=$invalid_cert_serialNumber"
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn:\"Test User4 $rand\" \
+ uid:testuser4_$rand \
+ email:testuser4_$rand@example.org \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit --size 1000 1> $cert_find_info"
+ rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_find_info"
+ rlAssertGrep "Subject DN: $cert_subject" "$cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ rlAssertNotGrep "Serial Number: $invalid_cert_serialNumber" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0148: pki cert-find should not run when invalid data is passed to validitycount"
+ local validitycount="a"
+ local validityoperation=">="
+ local validityunit="month"
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit --size 1000 > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "NumberFormatException: For input string: \"$validitycount\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0149: pki cert-find should not run no data is passed to validitycount"
+ local validitycount=
+ local validityoperation=">="
+ local validityunit="month"
+ rlLog "Executing pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit --size 1000 > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validityCount" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0150: pki cert-find should not run when invalid data is passed to validityOperation"
+ local validitycount="1"
+ local validityoperation="dfdfd"
+ local validityunit="month"
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit > $cert_find_info"
+ rlAssertGrep "0 entries found" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0151: pki cert-find should not run no data is passed to validityOperation"
+ local validitycount="1"
+ local validityoperation=
+ local validityunit="month"
+ rlLog "Executing pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation "$validityoperation" --validityUnit $validityunit > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validityOperation" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0152: pki cert-find should not run when invalid data is passed to validityUnit"
+ local validitycount="1"
+ local validityoperation=">="
+ local validityunit="dkfdlkfaksdfdfdd1212"
+ rlLog "Executing pki cert-find --validityCount $validityperiod --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Invalid validity duration unit: $validityunit" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0153: pki cert-find should not run no data is passed to validityUnit"
+ local validitycount="1"
+ local validityoperation=">="
+ local validityunit=
+ rlLog "Executing pki cert-find --validityCount --validityOperation \"$validityoperation\" --validityUnit $validityunit"
+ rlRun "pki cert-find --validityCount $validitycount --validityOperation \"$validityoperation\" --validityUnit $validityunit > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validityUnit" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_cert_find-0154: Search all certs which have been issued today using --validNotBeforeFrom and --validNotBeforeTo"
+ local tmp_start_date=$(date +%Y-%m-%d)
+ local tmp_end_date=$(date +%Y-%m-%d)
+ rlLog "Executing pki cert-find --validNotBeforeFrom $tmp_start_date --validNotBeforeTo $tmp_end_date --size 1000"
+ rlRun "pki cert-find --validNotBeforeFrom $tmp_start_date --validNotBeforeTo $tmp_end_date --size 1000 1> $cert_find_info"
+ rlAssertNotGrep "Not Valid Before: $(date +%a --date='1 day')" "$cert_find_info"
+ rlAssertNotGrep "Not Valid Before: $(date +%a --date='1 day ago')" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0155: Search all certs which are going to expire by tomorrow using --validNotAfterFrom and --validNotAfterTo"
+ local validityperiod="1 day"
+ local tmp_start_date=$(date +%Y-%m-%d --date='1 day')
+ local tmp_end_date=$(date +%Y-%m-%d --date='1 day')
+ rlLog "Generate cert with validity period of $validityperiod"
+ rlRun "generate_modified_cert validity_period:\"$validityperiod\" \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ req_type:crmf \
+ algo:rsa \
+ key_size:2048 \
+ cn: \
+ uid: \
+ email: \
+ ou: \
+ org: \
+ country: \
+ archive:false \
+ host: \
+ port: \
+ profile: \
+ cert_db:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ admin_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info \
+ expect_data:$exp"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+ local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+ local cur_date=$(date) # Save current date
+ rlLog "Date & Time before Modifying system date: $cur_date"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "Cert End date: $cert_end_date"
+ rlLog "Executing pki cert-find --validNotAfterFrom $tmp_start_date --validNotAfterTo $tmp_end_date --size 1000 1> $cert_find_info"
+ rlRun "pki cert-find --validNotAfterFrom $tmp_start_date --validNotAfterTo $tmp_end_date --size 1000 1> $cert_find_info"
+ rlAssertNotGrep "Not Valid After: $(date +%a --date='2 days ago')" "$cert_find_info"
+ rlAssertGrep "Not Valid After: $(date +%a --date='1 day ago')" "$cert_find_info"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after running chrony: $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0156: pki cert-find should not run when invalid data is passed to --validNotAfterTo"
+ rlLog "Executing pki cert-find --validNotAfterTo $tmp_junk_data"
+ rlRun "pki cert-find --validNotAfterTo \"$tmp_junk_data\" > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0157: pki cert-find should not run when invalid data is passed to --validNotAfterFrom"
+ rlLog "Executing pki cert-find --validNotAfterFrom $tmp_junk_data"
+ rlRun "pki cert-find --validNotAfterFrom \"$tmp_junk_data\" > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0158: pki cert-find should not run when invalid data is passed to --validNotBeforeFrom"
+ rlLog "Executing pki cert-find --validNotBeforeFrom $tmp_junk_data"
+ rlRun "pki cert-find --validNotBeforeFrom $tmp_junk_data > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0159: pki cert-find should not run when invalid data is passed to --validNotBeforeTo"
+ rlLog "Executing pki cert-find --validNotBeforeTo $tmp_junk_data"
+ rlRun "pki cert-find --validNotAfterFrom $tmp_junk_data > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "ParseException: Unparseable date: \"$tmp_junk_data\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0160: pki cert-find should not run no data is passed to --validNotAfterTo"
+ rlLog "Executing pki cert-find --validNotAfterTo"
+ rlRun "pki cert-find --validNotAfterTo > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validNotAfterTo" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0161: pki cert-find should not run no data is passed to --validNotAfterFrom"
+ rlLog "Executing pki cert-find --validNotAfterFrom"
+ rlRun "pki cert-find --validNotAfterFrom > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validNotAfterFrom" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0162: pki cert-find should not run no data is passed to --validNotBeforeTo"
+ rlLog "Executing pki cert-find --validNotBeforeTo"
+ rlRun "pki cert-find --validNotBeforeTo > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validNotBeforeTo" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0163: pki cert-find should not run no data is passed to --validNotBeforeFrom"
+ rlLog "Executing pki cert-find --validNotBeforeFrom"
+ rlRun "pki cert-find --validNotBeforeFrom > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "Error: Missing argument for option: validNotBeforeFrom" "$cert_find_info"
+ rlAssertGrep "usage: cert-find \[OPTIONS...\]" "$cert_find_info"
+ rlAssertGrep " --certTypeSecureEmail <on|off> Certifiate Type: Secure Email" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLClient <on|off> Certifiate Type: SSL Client" "$cert_find_info"
+ rlAssertGrep " --certTypeSSLServer <on|off> Certifiate Type: SSL Server" "$cert_find_info"
+ rlAssertGrep " --certTypeSubEmailCA <on|off> Certifiate type: Subject Email" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --certTypeSubSSLCA <on|off> Certificate type: Subject SSL" "$cert_find_info"
+ rlAssertGrep " CA" "$cert_find_info"
+ rlAssertGrep " --country <name> Subject's country" "$cert_find_info"
+ rlAssertGrep " --email <email> Subject's email address" "$cert_find_info"
+ rlAssertGrep " --help Show help options" "$cert_find_info"
+ rlAssertGrep " --input <file path> File containing the search" "$cert_find_info"
+ rlAssertGrep " constraints" "$cert_find_info"
+ rlAssertGrep " --issuedBy <user id> Issued by" "$cert_find_info"
+ rlAssertGrep " --issuedOnFrom <YYYY-MM-DD> Issued on or after this date" "$cert_find_info"
+ rlAssertGrep " --issuedOnTo <YYYY-MM-DD> Issued on or before this date" "$cert_find_info"
+ rlAssertGrep " --locality <name> Subject's locality" "$cert_find_info"
+ rlAssertGrep " --matchExactly Match exactly with the details" "$cert_find_info"
+ rlAssertGrep " provided" "$cert_find_info"
+ rlAssertGrep " --maxSerialNumber <serial number> Maximum serial number" "$cert_find_info"
+ rlAssertGrep " --minSerialNumber <serial number> Minimum serial number" "$cert_find_info"
+ rlAssertGrep " --name <name> Subject's common name" "$cert_find_info"
+ rlAssertGrep " --revocationReason <reason> Reason for revocation" "$cert_find_info"
+ rlAssertGrep " --revokedBy <user id> Certificate revoked by" "$cert_find_info"
+ rlAssertGrep " --revokedOnFrom <YYYY-MM-DD> Revoked on or after this date" "$cert_find_info"
+ rlAssertGrep " --revokedOnTo <YYYY-MM-DD> Revoked on or before this date" "$cert_find_info"
+ rlAssertGrep " --size <size> Page size" "$cert_find_info"
+ rlAssertGrep " --start <start> Page start" "$cert_find_info"
+ rlAssertGrep " --state <name> Subject's state" "$cert_find_info"
+ rlAssertGrep " --status <status> Certificate status: VALID," "$cert_find_info"
+ rlAssertGrep " INVALID, REVOKED, EXPIRED" "$cert_find_info"
+ rlAssertGrep " REVOKED_EXPIRED" "$cert_find_info"
+ rlAssertGrep " --uid <user id> Subject's userid" "$cert_find_info"
+ rlAssertGrep " --validityCount <count> Validity duration count" "$cert_find_info"
+ rlAssertGrep " --validityOperation <operation> Validity duration operation:" "$cert_find_info"
+ rlAssertGrep " \"<=\" or \">=\"" "$cert_find_info"
+ rlAssertGrep " --validityUnit <day|week|month|year> Validity duration unit: day," "$cert_find_info"
+ rlAssertGrep " week, month (default), year" "$cert_find_info"
+ rlAssertGrep " --validNotAfterFrom <YYYY-MM-DD> Valid not after start date" "$cert_find_info"
+ rlAssertGrep " --validNotAfterTo <YYYY-MM-DD> Valid not after end date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeFrom <YYYY-MM-DD> Valid not before start date" "$cert_find_info"
+ rlAssertGrep " --validNotBeforeTo <YYYY-MM-DD> Valid not before end date" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0164: search certs by passing search constraints through an input file"
+ rlLog "Executing pki --output $TmpDir cert-find --issuedBy system"
+ rlRun "pki --output $TmpDir cert-find --issuedBy system > $cert_find_info"
+ rlLog "Get the xml tag data from $TmpDir/http-request-1 to a $TmpDir/cert-find-input.xml"
+ rlRun "cat $TmpDir/http-request-1 | grep \"<?xml\" >> $TmpDir/cert-find-input.xml"
+ rlLog "Executing pki cert-find --input $TmpDir/cert-find-input.xml"
+ rlRun "pki cert-find --input $TmpDir/cert-find-input.xml 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned" "$cert_find_info"
+ local tmp_check_result=$(cat $cert_find_info | grep "Issued By:" | grep -v system | wc -l)
+ if [ $tmp_check_result != 0 ]; then
+ rlFail "Search results do not match constraints"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0165: Issue pki cert-find using valid agent cert"
+ rlLog "Executing pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" cert-find"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" cert-find 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned 20" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0166: Issue pki cert-find using revoked Agent cert and verify no search results are returned"
+ rlLog "Executing pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentR_user\" cert-find"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentR_user\" cert-find >> $cert_find_info 2>&1" 1,255
+ rlAssertGrep "PKIException: Unauthorized" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0167: Issue pki cert-find using valid admin cert and verify search results are returned"
+ rlLog "Executing pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_adminV_user\" cert-find"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_adminV_user\" cert-find 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned 20" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0168: Issue pki cert-find using Expired admin cert"
+ local cur_date=$(date)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n CA_adminE | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_adminE_user\" cert-find > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_find_info"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0169: Issue pki cert-find using Expired agent cert"
+ local cur_date=$(date)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n CA_agentE | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -n \"$CA_agentE_user\" \
+ cert-find > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$cert_find_info"
+ rlLog "Set the date back to it's original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0170: Issue pki cert-find using valid audit cert"
+ rlLog "Executing pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_auditV_user\" cert-find"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_auditV_user\" cert-find 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned 20" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0171: Issue pki cert-find using valid operator cert"
+ rlLog "Executing pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_operatorV_user\" cert-find"
+ rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_operatorV_user\" cert-find 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned 20" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0172: Issue pki cert-find using normal user cert(without any privileges)"
+ local profile=caUserCert
+ local pki_user="idm1_user_$rand"
+ local pki_user_fullName="Idm1 User $rand"
+ local pki_pwd="Secret123"
+ rlLog "Create user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n \"$CA_adminV_user\" \
+ -c $CERTDB_DIR_PASSWORD \
+ ca-user-add $pki_user \
+ --fullName \"$pki_user_fullName\" \
+ --password $pki_pwd" 0 "Create $pki_user User"
+ rlLog "Generate cert for user $pki_user"
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+ myreq_type:pkcs10 \
+ algo:rsa key_size:2048 \
+ subject_cn:\"$pki_user_fullName\" \
+ subject_uid:$pki_user \
+ subject_email:$pki_user@example.org \
+ subject_ou: \
+ subject_o: \
+ subject_c: \
+ archive:false \
+ req_profile:$profile \
+ target_host: \
+ protocol: \
+ port: \
+ cert_db_dir:$CERTDB_DIR \
+ cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$CA_agentV_user\" \
+ cert_info:$cert_info"
+ local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ rlLog "Get the $pki_user cert in a output file"
+ rlRun "pki cert-show $cert_serialNumber --encoded --output $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-cert-show.out"
+ rlAssertGrep "Certificate \"$cert_serialNumber\"" "$TEMP_NSS_DB/pki-cert-show.out"
+ rlRun "pki cert-show 0x1 --encoded --output $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/ca-cert-show.out"
+ rlAssertGrep "Certificate \"0x1\"" "$TEMP_NSS_DB/ca-cert-show.out"
+ rlLog "Add the $pki_user cert to $TEMP_NSS_DB NSS DB"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PWD \
+ -n "$pki_user" client-cert-import \
+ --cert $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-client-cert.out"
+ rlAssertGrep "Imported certificate \"$pki_user\"" "$TEMP_NSS_DB/pki-client-cert.out"
+ rlLog "Get CA cert imported to $TEMP_NSS_DB NSS DB"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PWD \
+ -n \"CA Signing Certificate - $CA_DOMAIN Security Domain\" client-cert-import \
+ --ca-cert $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/pki-ca-cert.out"
+ rlAssertGrep "Imported certificate \"CA Signing Certificate - $CA_DOMAIN Security Domain\"" "$TEMP_NSS_DB/pki-ca-cert.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n CA_adminV \
+ -c $CERTDB_DIR_PASSWORD \
+ -t ca user-cert-add $pki_user \
+ --input $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki_user_cert_add.out" 0 "Cert is added to the user $pki_user"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -c $TEMP_NSS_DB_PWD \
+ -n \"$pki_user\" \
+ cert-find > $cert_find_info"
+ rlAssertGrep "Number of entries returned 20" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0173: Issue pki cert-find using host URI parameter(https)"
+ local target_https_port=8443
+ local target_host=$(hostname)
+ rlRun "pki -d $CERTDB_DIR \
+ -U https://$target_host:$target_https_port \
+ cert-find 1> $cert_find_info"
+ rlAssertGrep "Number of entries returned 20" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0174: Issue pki cert-find using valid user"
+ rlLog "Executing pki cert-find using user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -u $pki_user \
+ -w $pki_pwd \
+ cert-find 1> $cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0175: Issue pki cert-find using in-valid user"
+ local invalid_pki_user=test1
+ local invalid_pki_user_pwd=Secret123
+ rlLog "Executing pki cert-find using user $pki_user"
+ rlRun "pki -d $CERTDB_DIR \
+ -u $invalid_pki_user \
+ -w $invalid_pki_user_pwd \
+ cert-find > $cert_find_info 2>&1" 1,255
+ rlAssertGrep "PKIException: Unauthorized" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0176: Issue pki cert-find --start <verybignumber>"
+ local tmp_large_number1=1234567890
+ local tmp_large_number2=12345678901
+ rlLog "Executing pki cert-find --start $tmp_large_number1"
+ rlRun "pki cert-find --start $tmp_large_number1 > $cert_find_info"
+ rlAssertGrep "entries found" "$cert_find_info"
+ rlRun "pki cert-find --start $tmp_large_number2 > $cert_find_info 2>&1" 255
+ rlAssertGrep "NumberFormatException: For input string: \"$tmp_large_number2\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_cert_find-0177: Issue pki cert-find --size <verybigNumber>"
+ local tmp_large_number1=1234567890
+ local tmp_large_number2=12345678901
+ rlLog "Executing pki cert-find --size $tmp_large_number1"
+ rlRun "pki cert-find --size $tmp_large_number1 > $cert_find_info"
+ rlAssertGrep "entries found" "$cert_find_info"
+ rlRun "pki cert-find --size $tmp_large_number2 > $cert_find_info 2>&1" 255
+ rlAssertGrep "NumberFormatException: For input string: \"$tmp_large_number2\"" "$cert_find_info"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki cert-find cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 765d63012..1bf2a8bd6 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -66,6 +66,7 @@
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-release-hold.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-hold.sh
. ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-request-submit-ca.sh
+. ./acceptance/cli-tests/pki-cert-cli/pki-cert-cli-find-ca.sh
PACKAGE="pki-tools"
@@ -204,6 +205,11 @@ rlJournalStart
# Execute pki cert-hold tests
run_pki-cert-request-submit_tests
fi
+ CERT_FIND_CA_UPPERCASE=$(echo $CERT_FIND_CA | tr [a-z] [A-Z])
+ if [ "$CERT_FIND_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki cert-find tests
+ run_pki-cert-find-ca_tests
+ fi
CERT_TEST_UPPERCASE=$(echo $CERT_TEST | tr [a-z] [A-Z])
if [ "$CERT_TEST_UPPERCASE" = "TRUE" ] ; then
#Execute pki cert tests
@@ -213,6 +219,7 @@ rlJournalStart
run_pki-cert-request-show-ca_tests
run_pki-cert-release-hold-ca_tests
run_pki-cert-hold-ca_tests
+ run_pki-cert-find-ca_tests
fi
BIG_INT_UPPERCASE=$(echo $BIG_INT | tr [a-z] [A-Z])
if [ "$BIG_INT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
generated by cgit (git 2.34.1) at 2024-06-07 02:51:02 +0000