diff options
| author | Asha Akkiangady <aakkiang@redhat.com> | 2014-04-17 11:25:57 -0400 |
|---|---|---|
| committer | Asha Akkiangady <aakkiang@redhat.com> | 2014-04-17 11:28:10 -0400 |
| commit | 7c7cbb84f1c43ce3fbe33676f3e0f07fb7ecc2f9 (patch) | |
| tree | 4b13179b6d577484b2a23cba86116b9dc9b61106 /tests | |
| parent | dafd64412398d60cf82b96eed3722a6de1f94b2b (diff) | |
| download | pki-7c7cbb84f1c43ce3fbe33676f3e0f07fb7ecc2f9.tar.gz pki-7c7cbb84f1c43ce3fbe33676f3e0f07fb7ecc2f9.tar.xz pki-7c7cbb84f1c43ce3fbe33676f3e0f07fb7ecc2f9.zip | |
Added new user-find and user-show tests.
Diffstat (limited to 'tests')
3 files changed, 485 insertions, 107 deletions
diff --git a/tests/dogtag/PURPOSE b/tests/dogtag/PURPOSE index 57f834d08..0ab8323eb 100755 --- a/tests/dogtag/PURPOSE +++ b/tests/dogtag/PURPOSE @@ -1,3 +1,2 @@ PURPOSE of /CoreOS/dogtag/PKI_TEST_USER_ID Description: All scripts for Dogtag tests -Author: Laxmi Sunkara <lsunkara@redhat.com> diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh index 574fd7286..53117daa7 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-find-ca.sh @@ -513,7 +513,7 @@ run_pki-user-cli-user-find-ca_tests(){ -c Password \ user-find --start=1 --size=5" echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password user-find --start=1 --size=5" > $expfile - echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=qeblade3.rhq.lab.eng.bos.redhat.com,O=rhq.lab.eng.bos.redhat.com Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=rhq.lab.eng.bos.redhat.com Security Domain' + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' Import CA certificate (Y/n)? \"" >> $expfile echo "send -- \"Y\r\"" >> $expfile echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh index 98b5874fe..d46169370 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ca/pki-user-cli-user-show-ca.sh @@ -3,13 +3,14 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli -# Description: PKI user-add CLI tests +# Description: PKI user-show CLI tests # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The following ipa cli commands needs to be tested: -# pki-user-cli-user-add Add users to pki subsystems. +# pki-user-cli-user-show Show users # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Author: Laxmi Sunkara <lsunkara@redhat.com> +# Authors: Asha Akkiangady <aakkiang@redhat.com> +# Laxmi Sunkara <lsunkara@redhat.com> # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # @@ -48,6 +49,7 @@ ######################################################################## ######################################################################## +run_pki-user-cli-user-show-ca_tests(){ user1=ca_agent2 user1fullname="Test ca_agent" user2=abcdefghijklmnopqrstuvwxyx12345678 @@ -56,14 +58,26 @@ user4=abc$ user5=abc@ user6=abc? user7=0 + rlPhaseStartSetup "pki_user_cli_user_show-ca-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test" + rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \ + 0 \ + "pki user-show" + rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki_user_show_cfg.out" + rlPhaseEnd -run_pki-user-cli-user-show-ca_tests(){ ##### Tests to show CA users #### - rlPhaseStartTest "pki_user_cli_user_show-CA-001: Add a user to CA using CA_adminV" + rlPhaseStartTest "pki_user_cli_user_show-CA-001: Add user to CA using CA_adminV and show user" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1" + user-add --fullName=\"$user1fullname\" $user1" \ + 0 \ + "Add user $user1 using CA_adminV" rlLog "Executing: pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -73,282 +87,372 @@ run_pki-user-cli-user-show-ca_tests(){ -c $CERTDB_DIR_PASSWORD \ user-show $user1 > $TmpDir/pki-user-show-ca-001.out" \ 0 \ - "Show pki CA_adminV user" + "Show user $user1" rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-ca-001.out" rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-ca-001.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ca-001.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_1:maximum length of user id " + + rlPhaseStartTest "pki_user_cli_user_show-CA-002: maximum length of user id" + user2=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test $user2" + user-add --fullName=test $user2" \ + 0 \ + "Add user $user2 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show $user2 > $TmpDir/pki-user-show-ca-001_1.out" \ 0 \ - "Show pki CA_adminV user" + "Show $user2 user" rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-ca-001_1.out" - rlAssertGrep "User ID: $user2" "$TmpDir/pki-user-show-ca-001_1.out" + actual_userid_string=`cat $TmpDir/pki-user-show-ca-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_1.out" + rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_2:User id with # character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-003: User id with # character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test $user3" + user-add --fullName=test $user3" \ + 0 \ + "Add user $user3 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show $user3 > $TmpDir/pki-user-show-ca-001_2.out" \ 0 \ - "Show pki CA_adminV user" + "Show $user3 user" rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-ca-001_2.out" rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-ca-001_2.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_2.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_3:User id with $ character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-004: User id with $ character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test $user4" + user-add --fullName=test $user4" \ + 0 \ + "Add user $user4 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show $user4 > $TmpDir/pki-user-show-ca-001_3.out" \ 0 \ - "Show pki CA_adminV user" + "Show $user4 user" rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-ca-001_3.out" rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-ca-001_3.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_3.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_4:User id with @ character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-005: User id with @ character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test $user5" + user-add --fullName=test $user5" \ + 0 \ + "Add $user5 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show $user5 > $TmpDir/pki-user-show-ca-001_4.out" \ 0 \ - "Show pki CA_adminV user" + "Show $user5 user" rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-ca-001_4.out" rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-ca-001_4.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_4.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_5:User id with ? character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-006: User id with ? character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test $user6" + user-add --fullName=test $user6" \ + 0 \ + "Add $user6 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show $user6 > $TmpDir/pki-user-show-ca-001_5.out" \ 0 \ - "Show pki CA_adminV user" + "Show $user6 user" rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-ca-001_5.out" rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-ca-001_5.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_5.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_6:User id as 0" + + rlPhaseStartTest "pki_user_cli_user_show-CA-007: User id as 0" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test $user7" + user-add --fullName=test $user7" \ + 0 \ + "Add user $user7 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show $user7 > $TmpDir/pki-user-show-ca-001_6.out" \ 0 \ - "Show pki CA_adminV user" + "Show user $user7" rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-ca-001_6.out" rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-ca-001_6.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_6.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_7:--email with maximum length " + + rlPhaseStartTest "pki_user_cli_user_show-CA-008: --email with maximum length" + email=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678 u1" + user-add --fullName=test --email=\"$email\" u1" \ + 0 \ + "Added user using CA_adminV with maximum --email length" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u1 > $TmpDir/pki-user-show-ca-001_7.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u1" rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-ca-001_7.out" rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-ca-001_7.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_7.out" - rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ca-001_7.out" + actual_email_string=`cat $TmpDir/pki-user-show-ca-001_7.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_8:--email with maximum length and symbols " + + rlPhaseStartTest "pki_user_cli_user_show-CA-009: --email with maximum length and symbols" + email=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678#?*@$ u2" + user-add --fullName=test --email='$email' u2" \ + 0 \ + "Added user using CA_adminV with maximum --email length and character symbols in it" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u2 > $TmpDir/pki-user-show-ca-001_8.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u2" rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-ca-001_8.out" rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-ca-001_8.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_8.out" - rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-ca-001_8.out" + actual_email_string=`cat $TmpDir/pki-user-show-ca-001_8.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_9:--email with # character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-010: --email with # character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=# u3" + user-add --fullName=test --email=# u3" \ + 0 \ + "Add user u3 using pki CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u3 > $TmpDir/pki-user-show-ca-001_9.out" \ - 0 \ - "Show pki CA_adminV user" + 0 \ + "Add user u3" rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-ca-001_9.out" rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-ca-001_9.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_9.out" rlAssertGrep "Email: #" "$TmpDir/pki-user-show-ca-001_9.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_10:--email with * character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-011: --email with * character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=* u4" + user-add --fullName=test --email=* u4" \ + 0 \ + "Add user u4 using pki CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u4 > $TmpDir/pki-user-show-ca-001_10.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u4 using CA_adminV" rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-ca-001_10.out" rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-ca-001_10.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_10.out" rlAssertGrep "Email: *" "$TmpDir/pki-user-show-ca-001_10.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_11:--email with $ character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-012: --email with $ character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=$ u5" + user-add --fullName=test --email=$ u5" \ + 0 \ + "Add user u5 using pki CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u5 > $TmpDir/pki-user-show-ca-001_11.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u5 using CA_adminV" rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-ca-001_11.out" rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-ca-001_11.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_11.out" rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-ca-001_11.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_12:--email as number 0 " + + rlPhaseStartTest "pki_user_cli_user_show-CA-013: --email as number 0" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=0 u6" + user-add --fullName=test --email=0 u6" \ + 0 \ + "Add user u6 using pki CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u6 > $TmpDir/pki-user-show-ca-001_12.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u6 using CA_adminV" rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-ca-001_12.out" rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-ca-001_12.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_12.out" rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-ca-001_12.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_13:--state with maximum length " + + rlPhaseStartTest "pki_user_cli_user_show-CA-014: --state with maximum length" + state=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 2048 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678 u7 " + user-add --fullName=test --state=\"$state\" u7 " \ + 0 \ + "Add user u7 using pki CA_adminV with maximum --state length" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u7 > $TmpDir/pki-user-show-ca-001_13.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u7 using CA_adminV" rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-ca-001_13.out" rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-ca-001_13.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_13.out" - rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ca-001_13.out" + actual_state_string=`cat $TmpDir/pki-user-show-ca-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-show-ca-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-show-ca-001_13.out" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_14:--state with maximum length and symbols " + + rlPhaseStartTest "pki_user_cli_user_show-CA-015: --state with maximum length and symbols" + state=`cat /dev/urandom | tr -dc 'a-zA-Z0-9!?@~#*^_+$' | fold -w 2048 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678#?*@$ u8" + user-add --fullName=test --state='$state' u8" \ + 0 \ + "Add user u8 using pki CA_adminV with maximum --state length and symbols" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u8 > $TmpDir/pki-user-show-ca-001_14.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u8 using CA_adminV" rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-ca-001_14.out" rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-ca-001_14.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_14.out" - rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-ca-001_14.out" + actual_state_string=`cat $TmpDir/pki-user-show-ca-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-show-ca-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-show-ca-001_14.out" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_15:--state with # character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-016: --state with # character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=# u9" + user-add --fullName=test --state=# u9" \ + 0 \ + "Added user using CA_adminV with --state # character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u9 > $TmpDir/pki-user-show-ca-001_15.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u9 using CA_adminV" rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-ca-001_15.out" rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-ca-001_15.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_15.out" rlAssertGrep "State: #" "$TmpDir/pki-user-show-ca-001_15.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_16:--state with * character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-017: --state with * character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=* u10" + user-add --fullName=test --state=* u10" \ + 0 \ + "Adding user using CA_adminV with --state * character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u10 > $TmpDir/pki-user-show-ca-001_16.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u10 using CA_adminV" rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-ca-001_16.out" rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-ca-001_16.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_16.out" rlAssertGrep "State: *" "$TmpDir/pki-user-show-ca-001_16.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_17:--state with $ character " + + rlPhaseStartTest "pki_user_cli_user_show-CA-018: --state with $ character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=$ u11" + user-add --fullName=test --state=$ u11" \ + 0 \ + "Adding user using CA_adminV with --state $ character" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u11 > $TmpDir/pki-user-show-ca-001_17.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u11 using CA_adminV" rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-ca-001_17.out" rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-ca-001_17.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_17.out" rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-ca-001_17.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_18:--state as number 0 " + + rlPhaseStartTest "pki_user_cli_user_show-CA-019: --state as number 0" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=0 u12" + user-add --fullName=test --state=0 u12" \ + 0 \ + "Adding user using CA_adminV with --state 0" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -360,170 +464,201 @@ run_pki-user-cli-user-show-ca_tests(){ rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_18.out" rlAssertGrep "State: 0" "$TmpDir/pki-user-show-ca-001_18.out" rlPhaseEnd + #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html - rlPhaseStartTest "pki_user_cli_user_show-CA-001_19:--phone with maximum length " + rlPhaseStartTest "pki_user_cli_user_show-CA-020: --phone with maximum length" + phone=`cat /dev/urandom | tr -dc '0-9' | fold -w 2048 | head -n 1` rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678 u13" + user-add --fullName=test --phone=\"$phone\" u13" \ + 0 \ + "Adding user using CA_adminV with maximum --phone length" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u13 > $TmpDir/pki-user-show-ca-001_19.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u13 using CA_adminV" rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-ca-001_19.out" rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-ca-001_19.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_19.out" - rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ca-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-ca-001_19.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_24:--phone as negative number -1230 " + + rlPhaseStartTest "pki_user_cli_user_show-CA-021: --phone as negative number -1230" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=-1230 u14" + user-add --fullName=test --phone=-1230 u14" \ + 0 \ + "Adding user using CA_adminV with --phone as negative number -1230" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u14 > $TmpDir/pki-user-show-ca-001_24.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u14 using CA_adminV" rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-ca-001_24.out" rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-ca-001_24.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_24.out" rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-ca-001_24.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_25:--type as Auditors" + rlPhaseStartTest "pki_user_cli_user_show-CA-022: --type as Auditors" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=Auditors u15" + user-add --fullName=test --type=Auditors u15" \ + 0 \ + "Adding user using CA_adminV with --type as Auditors" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u15 > $TmpDir/pki-user-show-ca-001_25.out" \ 0 \ - "Show pki CA_adminV user" + "Show user u15 using CA_adminV" rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-ca-001_25.out" rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-ca-001_25.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_25.out" rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-ca-001_25.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_26:--type Certificate Manager Agents " + + rlPhaseStartTest "pki_user_cli_user_show-CA-023: --type Certificate Manager Agents" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Certificate Manager Agents\" u16" + user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \ + 0 \ + "Adding user using CA_adminV with --type Certificate Manager Agents" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u16 > $TmpDir/pki-user-show-ca-001_26.out" \ 0 \ - "Show pki CA user" + "Show user u16 using CA_adminV" rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-ca-001_26.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-ca-001_26.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_26.out" rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-ca-001_26.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_27:--type Registration Manager Agents " + + rlPhaseStartTest "pki_user_cli_user_show-CA-024: --type Registration Manager Agents" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Registration Manager Agents\" u17" + user-add --fullName=test --type=\"Registration Manager Agents\" u17" \ + 0 \ + "Adding user using CA_adminV with --type Registration Manager Agents" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u17 > $TmpDir/pki-user-show-ca-001_27.out" \ 0 \ - "Show pki CA user" + "Show user u17 using CA_adminV" rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-ca-001_27.out" rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-ca-001_27.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_27.out" rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-ca-001_27.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_28:--type Subsytem Group " + + rlPhaseStartTest "pki_user_cli_user_show-CA-025: --type Subsytem Group" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Subsytem Group\" u18" + user-add --fullName=test --type=\"Subsytem Group\" u18" \ + 0 \ + "Adding user using CA_adminV with --type Subsytem Group" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u18 > $TmpDir/pki-user-show-ca-001_28.out" \ 0 \ - "Show pki CA user" + "Show user u18 using CA_adminV" rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-ca-001_28.out" rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-ca-001_28.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_28.out" rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-show-ca-001_28.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_29:--type Security Domain Administrators " + + rlPhaseStartTest "pki_user_cli_user_show-CA-026: --type Security Domain Administrators" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Security Domain Administrators\" u19" + user-add --fullName=test --type=\"Security Domain Administrators\" u19" \ + 0 \ + "Adding user using CA_adminV with --type Security Domain Administrators" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u19 > $TmpDir/pki-user-show-ca-001_29.out" \ 0 \ - "Show pki CA user" + "Show user u19 using CA_adminV" rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-ca-001_29.out" rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-ca-001_29.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_29.out" rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-ca-001_29.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_30:--type ClonedSubsystems " + + rlPhaseStartTest "pki_user_cli_user_show-CA-027: --type ClonedSubsystems" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=ClonedSubsystems u20" + user-add --fullName=test --type=ClonedSubsystems u20" \ + 0 \ + "Adding user using CA_adminV with --type ClonedSubsystems" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u20 > $TmpDir/pki-user-show-ca-001_30.out" \ 0 \ - "Show pki CA user" + "Show user u20 using CA_adminV" rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-ca-001_30.out" rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-ca-001_30.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_30.out" rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-ca-001_30.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_31:--type Trusted Managers " + + rlPhaseStartTest "pki_user_cli_user_show-CA-028: --type Trusted Managers" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Trusted Managers\" u21" + user-add --fullName=test --type=\"Trusted Managers\" u21" \ + 0 \ + "Adding user using CA_adminV with --type Trusted Managers" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ user-show u21 > $TmpDir/pki-user-show-ca-001_31.out" \ 0 \ - "Show pki CA user" + "Show user u21 using CA_adminV" rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-ca-001_31.out" rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-ca-001_31.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ca-001_31.out" rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-ca-001_31.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_32: Add a user to CA with -t option" + + rlPhaseStartTest "pki_user_cli_user_show-CA-029: Show user with -t ca option" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ - user-add --fullName=\"$user1fullname\" u22" + user-add --fullName=\"$user1fullname\" u22" \ + 0 \ + "Adding user u22 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ user-show u22 > $TmpDir/pki-user-show-ca-001_32.out" \ 0 \ - "Show pki CA user" + "Show user u22 using CA_adminV" rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-ca-001_32.out" rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-ca-001_32.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ca-001_32.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-CA-001_33: Add a user -- all options provided" + + rlPhaseStartTest "pki_user_cli_user_show-CA-030: Add a user -- all options provided" email="ca_agent2@myemail.com" user_password="agent2Password" phone="1234567890" @@ -539,15 +674,16 @@ run_pki-user-cli-user-show-ca_tests(){ --phone $phone \ --state $state \ --type $type \ - u23" + u23" \ + 0 \ + "Adding user u23 using CA_adminV" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ -t ca \ user-show u23 > $TmpDir/pki-user-show-ca-001_33.out" \ 0 \ - "Show pki CA user" - + "Show user u23 using CA_adminV" rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ca-001_33.out" rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ca-001_33.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ca-001_33.out" @@ -556,8 +692,9 @@ run_pki-user-cli-user-show-ca_tests(){ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-ca-001_33.out" rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ca-001_33.out" rlPhaseEnd + #Negative Cases - rlPhaseStartTest "pki_user_cli_user_show-CA-001_34: Missing required option user id " + rlPhaseStartTest "pki_user_cli_user_show-CA-031: Missing required option user id" rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -567,8 +704,8 @@ run_pki-user-cli-user-show-ca_tests(){ "Cannot show user without user id" rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki-user-show-ca-001_34.out" rlPhaseEnd - #====# - rlPhaseStartTest "pki_user_cli_user_show-CA-001_35: Checking if user id case sensitive " + + rlPhaseStartTest "pki_user_cli_user_show-CA-032: Checking if user id case sensitive " rlRun "pki -d $CERTDB_DIR \ -n CA_adminV \ -c $CERTDB_DIR_PASSWORD \ @@ -584,7 +721,245 @@ run_pki-user-cli-user-show-ca_tests(){ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-ca-001_35.out" rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ca-001_35.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_cleanup-001_36: Deleting the temp directory and users" + + rlPhaseStartTest "pki_user_cli_user_show-CA-033: Should not be able to show user using a revoked cert CA_adminR" + + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_adminR \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminR \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-revoke-adminR-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a admin having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-revoke-adminR-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-034: Should not be able to show user using a agent with revoked cert CA_agentR" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_agentR \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_agentR \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-revoke-agentR-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a agent having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-revoke-agentR-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-035: Should not be able to show user using a valid agent CA_agentV user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_agentV \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_agentV \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-agentV-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a agent cert" + rlAssertGrep "ForbiddenException: Authorization failed" "$TmpDir/pki-user-show-ca-agentV-002.out" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-036: Should not be able to show user using a CA_agentR user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_agentR \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_agentR \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-agentR-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a revoked agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-agentR-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-037: Should not be able to show user using admin user with expired cert CA_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_adminE \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminE \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-adminE-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using an expired admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-adminE-002.out" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-038: Should not be able to show user using CA_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_agentE \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_agentE \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-agentE-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-agentE-002.out" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-039: Should not be able to show user using a CA_auditV" + + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_auditV \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_auditV \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-auditV-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a audit cert" + rlAssertGrep "ForbiddenException: Authorization failed" "$TmpDir/pki-user-show-ca-auditV-002.out" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-040: Should not be able to show user using a CA_operatorV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n CA_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23" + rlRun "pki -d $CERTDB_DIR \ + -n CA_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + user-show u23 > $TmpDir/pki-user-show-ca-operatorV-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a operator cert" + rlAssertGrep "ForbiddenException: Authorization failed" "$TmpDir/pki-user-show-ca-operatorV-002.out" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-041: Should not be able to show user using a cert created from a untrusted CA CA_adminUTCA" + rlLog "Executing: pki -d /tmp/untrusted_cert_db \ + -n CA_adminUTCA \ + -c Password \ + user-show u23" + rlRun "pki -d /tmp/untrusted_cert_db \ + -n CA_adminUTCA \ + -c Password \ + user-show u23 > $TmpDir/pki-user-show-ca-adminUTCA-002.out 2>&1" \ + 1 \ + "Should not be able to show user u23 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-adminUTCA-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-ca-042: Should not be able to show user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid"" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"CA_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + user-find --start=1 --size=5" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on 'CN=$HOSTNAME,O=$CA_DOMAIN Security Domain' indicates a non-trusted CA cert 'CN=CA Signing Certificate,O=$CA_DOMAIN Security Domain' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:$CA_UNSECURE_PORT/ca\]: \"" >> $expfile + echo "send -- \"\r\"" >> $expfile + echo "expect eof" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-ca-pkiUser1-002.out 2>&1" 1 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ca-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-043: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10000 | head -n 1` + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-show \"$user_length_exceed_max\"" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-ca-001_50.out 2>&1" \ + 1 \ + "Show user using CA_adminV with user id length exceed maximum defined in ldap schema" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-ca-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-044: user id with i18n characters" + rlLog "user-add userid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÖrjanÄke' > $TmpDir/pki-user-show-ca-001_56.out 2>&1" \ + 0 \ + "Adding uid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-show 'ÖrjanÄke' > $TmpDir/pki-user-show-ca-001_56_2.out" \ + 0 \ + "Show user 'ÖrjanÄke'" + rlAssertGrep "User \"ÖrjanÄke\"" "$TmpDir/pki-user-show-ca-001_56_2.out" + rlAssertGrep "User ID: ÖrjanÄke" "$TmpDir/pki-user-show-ca-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-CA-045: userid with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-add --fullName=test 'ÉricTêko' > $TmpDir/pki-user-show-ca-001_57.out 2>&1" \ + 0 \ + "Adding user id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n CA_adminV \ + -c $CERTDB_DIR_PASSWORD \ + user-show 'ÉricTêko' > $TmpDir/pki-user-show-ca-001_57_2.out" \ + 0 \ + "Show user 'ÉricTêko'" + rlAssertGrep "User \"ÉricTêko\"" "$TmpDir/pki-user-show-ca-001_57_2.out" + rlAssertGrep "User ID: ÉricTêko" "$TmpDir/pki-user-show-ca-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_cleanup-046: Deleting the temp directory and users" del_user=($CA_adminV_user $CA_adminR_user $CA_adminE_user $CA_adminUTCA_user $CA_agentV_user $CA_agentR_user $CA_agentE_user $CA_agentUTCA_user $CA_auditV_user $CA_operatorV_user) #===Deleting users created using CA_adminV cert===# @@ -612,5 +987,9 @@ run_pki-user-cli-user-show-ca_tests(){ rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ca-user-symbol-00$j.out" let j=$j+1 done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd } |