Add pki ca-cert-revoke automation

author: Niranjan Mallapadi <mrniranjan@redhat.com> 2014-09-29 18:07:29 +0530
committer: Niranjan Mallapadi <mrniranjan@redhat.com> 2014-09-29 18:14:44 +0530
commit: 9d977698d43e6e59d014e65e75c74493b82c3588 (patch)
tree: 5ea0be838f7a2fd527dd64461ef39e504506abfe /tests
parent: 15944116f9c01a8ecd21c0ef533edf1c29f208ac (diff)
download: pki-9d977698d43e6e59d014e65e75c74493b82c3588.tar.gz
pki-9d977698d43e6e59d014e65e75c74493b82c3588.tar.xz
pki-9d977698d43e6e59d014e65e75c74493b82c3588.zip
1 files changed, 943 insertions, 0 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-revoke-ca.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-revoke-ca.sh
new file mode 100755
index 000000000..d919f27ff
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-revoke-ca.sh
@@ -0,0 +1,943 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-cert-cli
+#   Description: PKI CA CERT CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cert cli commands needs to be tested:
+#  pki-ca-cert-revoke
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mrniranjan@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-ca-cert-revoke-ca_tests()
+{
+	local cs_Type=$1
+	local cs_Role=$2
+
+	# Creating Temporary Directory for pki ca-cert-revoke
+        rlPhaseStartSetup "pki ca-cert-revoke Temporary Directory"
+        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+	rlPhaseEnd
+
+	#local variables
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        local CA_agentV_user=$CA_INST\_agentV
+        local CA_auditV_user=$CA_INST\_auditV
+        local CA_operatorV_user=$CA_INST\_operatorV
+        local CA_adminV_user=$CA_INST\_adminV
+        local CA_agentR_user=$CA_INST\_agentR
+        local CA_adminR_user=$CA_INST\_adminR
+        local CA_adminE_user=$CA_INST\_adminE
+        local CA_agentE_user=$CA_INST\_agentE
+	local invalid_serialNumber=$(cat /dev/urandom | tr -dc '1-9' | fold -w 10 | head -n 1)
+        local invalid_hex_serialNumber=0x$(echo "ibase=16;$invalid_serialNumber"|bc)
+        local pkcs10_reqstatus
+        local pkcs10_requestid
+        local rand=$(cat /dev/urandom | tr -dc '0-9' | fold -w 5 | head -n 1)
+        local sub_ca_ldap_port=1800
+        local sub_ca_http_port=14080
+        local sub_ca_https_port=14443
+        local sub_ca_ajp_port=14009
+        local sub_ca_tomcat_port=14005
+        local subca_instance_name=pki-example-$rand
+        local SUBCA_SERVER_ROOT=/var/lib/pki/$subca_instance_name/ca
+	local admin_cert_nickname="PKI Administrator for $CA_DOMAIN"
+	local TEMP_NSS_DB="$TmpDir/nssdb"
+	local TEMP_NSS_DB_PWD="Secret123"
+	local exp="$TmpDir/expfile.out"
+	local expout="$TmpDir/exp_out"
+	local cert_info="$TmpDir/cert_info"
+        local target_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+        local target_https_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local target_host=$(eval echo \$${cs_Role})
+      
+	# Setup SubCA for pki ca-cert-revoke tests
+	rlPhaseStartSetup "Setup a Subordinate CA for pki ca-cert-revoke"
+        local install_info=$TmpDir/install_info
+        rlLog "Setting up a Subordinate CA instance $subca_instance_name"
+        rlRun "rhcs_install_subca-BZ-501088 $subca_instance_name \
+                $sub_ca_ldap_port \
+                $sub_ca_http_port \
+                $sub_ca_https_port \
+                $sub_ca_ajp_port \
+                $sub_ca_tomcat_port \
+                $TmpDir $TmpDir/nssdb $install_info \
+		$CA_INST \
+		$target_host \
+		$target_port \
+		$target_https_port"
+        rlLog "Add CA Cert to $TEMP_NSS_DB"
+        rlRun "install_and_trust_CA_cert $SUBCA_SERVER_ROOT \"$TEMP_NSS_DB\""
+        local subca_serialNumber=$(pki -h $target_host -p $target_port cert-find  --name "SubCA-$subca_instance_name" --matchExactly | grep "Serial Number" | awk -F": " '{print $2}')
+        local STRIP_HEX_PKCS10=$(echo $subca_serialNumber | cut -dx -f2)
+        local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^}
+        local subca_decimal_serialNumber=$(echo "ibase=16;$CONV_UPP_VAL_PKCS10"|bc)
+        rlPhaseEnd
+
+	# pki cert cli config test
+	rlPhaseStartTest "pki_cert_cli-configtest: pki ca-cert-revoke --help configuration test"
+	rlRun "pki -h $target_host -p $target_port cert-revoke --help > $TmpDir/cert-revoke.out 2>&1" 0 "pki ca-cert-revoke --help"
+	rlAssertGrep "usage: cert-revoke <Serial Number> \[OPTIONS...]" "$TmpDir/cert-revoke.out"
+   	rlAssertGrep "--ca                    CA signing certificate" "$TmpDir/cert-revoke.out"
+    	rlAssertGrep "--comments <comments>   Comments" "$TmpDir/cert-revoke.out"
+    	rlAssertGrep "--reason <reason>       Revocation reason: Unspecified (default)," "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Key_Compromise" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "CA_Compromise" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Affiliation_Changed" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Superseded" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Cessation_of_Operation" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Certificate_Hold" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Remove_from_CRL" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "Privilege_Withdrawn" "$TmpDir/cert-revoke.out"
+	rlAssertGrep "AA_Compromise" "$TmpDir/cert-revoke.out"
+	rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/cert-revoke.out"
+	rlLog "FAIL :: https://engineering.redhat.com/trac/pki-tests/ticket/490"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_001: Revoke a cert using Agent with same serial as Subordinate CA(BZ-501088)"
+        local i=1
+        local upperlimit
+        let upperlimit=$subca_decimal_serialNumber-3
+        while [ $i -ne $upperlimit ] ; do
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD  myreq_type:pkcs10 \
+		algo:rsa key_size:1024 subject_cn:\"Foo User$i\" subject_uid:FooUser$i subject_email:FooUser$i@example.org \
+		subject_ou: subject_o: subject_c: archive:false req_profile: target_host:$target_host protocol: port:$sub_ca_http_port \
+		cert_db_dir:$TEMP_NSS_DB cert_db_pwd:$TEMP_NSS_DB_PWD certdb_nick:\"$admin_cert_nickname\" cert_info:$cert_info"
+        let i=$i+1
+        done
+        local revoked_cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlLog "Certificate that would be revoked is $revoked_cert_serialNumber"
+        rlRun "pki -d $TEMP_NSS_DB \
+                -p $sub_ca_http_port \
+                -h $target_host \
+                -c $TEMP_NSS_DB_PWD \
+                -n \"$admin_cert_nickname\" \
+                cert-revoke $revoked_cert_serialNumber --force --reason Certificate_Hold 1> $expout"
+        rlAssertGrep "Placed certificate \"$revoked_cert_serialNumber\" on-hold" "$expout"
+        rlAssertGrep "Serial Number: $revoked_cert_serialNumber" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_002: pki ca-cert-revoke <serialNumber>"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber"
+	rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+	rlRun "/usr/bin/expect -f $exp > $expout 2>&1" 
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_003: pki ca-cert-revoke <serialNumber> --comments \"Test Comment1\""
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --comments \"Test Comment1\""
+	rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+	rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+	
+        rlPhaseStartTest "pki_ca_cert_revoke_004: pki ca-cert-revoke <serialNumber> --force"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"	
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force 1> $expout"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+	
+        rlPhaseStartTest "pki_ca_cert_revoke_005: pki ca-cert-revoke <serialNumber> --reason unspecified"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason unspecified"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_006: pki ca-cert-revoke <serialNumber> --reason Key_Compromise"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Key_Compromise"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+       
+        rlPhaseStartTest "pki_ca_cert_revoke_007: pki ca-cert-revoke <serialNumber> --reason CA_Compromise"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason CA_Compromise"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd	
+
+        rlPhaseStartTest "pki_ca_cert_revoke_008: pki ca-cert-revoke <serialNumber> --reason Affiliation_Changed"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Affiliation_Changed"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_009: pki ca-cert-revoke <serialNumber> --reason Superseded"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Superseded"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0010: pki ca-cert-revoke <serialNumber> --reason Cessation_of_Operation"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Cessation_of_Operation"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0011: pki ca-cert-revoke <serialNumber> --reason Certificate_Hold"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Certificate_Hold"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Placed certificate \"$cert_serialNumber\" on-hold" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+	
+        rlPhaseStartTest "pki_ca_cert_revoke_0012: pki ca-cert-revoke <serialNumber> --reason Privilege_Withdrawn"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Privilege_Withdrawn"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0013: pki ca-cert-revoke <serialNumber> --reason Remove_from_CRL"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Certificate_Hold 1> $expout"
+	local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Remove_from_CRL"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Placed certificate \"$cert_serialNumber\" off-hold" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: VALID" "$expout"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0014: pki ca-cert-revoke <serialNumber> --reason Invalid revocation reason"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason unknown_revocation_reason 2> $expout" 1,255
+	rlAssertGrep "Error: Invalid revocation reason: unknown_revocation_reason" "$expout"
+        rlPhaseEnd
+	
+	rlPhaseStartTest "pki_ca_cert_revoke_0015: pki ca-cert-revoke <revoked-serialNumber>"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Key_Compromise 1> $expout" 0
+	rlAssertGrep "Status: REVOKED" "$expout"
+	local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Key_Compromise"
+	rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+	rlRun "/usr/bin/expect -f $exp > $expout 2>&1"  
+	STRIP_HEX_PKCS10=$(echo $cert_serialNumber | cut -dx -f2)
+	rlAssertGrep "BadRequestException: certificate #$STRIP_HEX_PKCS10 has already been revoked" "$expout"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0016: pki ca-cert-revoke <serialNumber> --force --reason unspecified"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason unspecified 1> $expout" 0
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0017: pki ca-cert-revoke <serialNumber> --force --reason Key_Compromise"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Key_Compromise 1> $expout" 0
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0018: pki ca-cert-revoke <serialNumber> --force --reason CA_Compromise"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason CA_Compromise 1> $expout"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0019: pki ca-cert-revoke <serialNumber> --force --reason Affiliation_Changed"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Affiliation_Changed 1> $expout" 0
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0020: pki ca-cert-revoke <serialNumber> --force --reason Superseded"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		 -n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Superseded 1> $expout" 0
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+	
+	rlPhaseStartTest "pki_ca_cert_revoke_0021: pki ca-cert-revoke <serialNumber> --force --reason Cessation_of_Operation"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"	
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Cessation_of_Operation 1> $expout" 0
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0022: pki ca-cert-revoke <serialNumber> --force --reason Certificate_Hold"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Certificate_Hold 1> $expout" 0
+        rlAssertGrep "Placed certificate \"$cert_serialNumber\" on-hold" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0023: pki ca-cert-revoke <serialNumber> --force --reason Privilege_Withdrawn"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason  Privilege_Withdrawn 1> $expout" 0
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+	rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+	rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+	rlAssertGrep "Status: REVOKED" "$expout"
+	rlPhaseEnd
+	
+        rlPhaseStartTest "pki_ca_cert_revoke_0024: pki ca-cert-revoke <serialNumber> --force --reason Invalid revocation reason"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason unknown_revocation_reason 2> $expout" 1,255
+        rlAssertGrep "Error: Invalid revocation reason: unknown_revocation_reason" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0025: pki ca-cert-revoke <serialNumber> --force --reason Remove_from_CRL"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Certificate_Hold 1> $expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Remove_from_CRL 1> $expout"
+        rlAssertGrep "Placed certificate \"$cert_serialNumber\" off-hold" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: VALID" "$expout"
+        rlPhaseEnd	
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0026: Revoke a non CA signing Cert using pki ca-cert-revoke --ca" 
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --ca --reason unspecified"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+	rlAssertGrep "UnauthorizedException: Certificate $cert_serialNumber is not a CA signing certificate" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0027: Revoke a non CA signing Cert using pki ca-cert-revoke --ca --force"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_agentV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --ca --reason unspecified 2> $expout" 1,255
+        rlAssertGrep "UnauthorizedException: Certificate $cert_serialNumber is not a CA signing certificate" "$expout"
+        rlPhaseEnd
+	
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0028: Revoke a CA signing Cert using pki ca-cert-revoke --ca"
+	cert_serialNumber=0x1
+	local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --ca --reason Certificate_Hold"
+	rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Placed certificate \"$cert_serialNumber\" on-hold" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+	rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-h $target_host \
+		-p $target_port \
+		-n \"$CA_agentV_user\" \
+		cert-release-hold $cert_serialNumber --force" 0 "Release Certificate Hold of CA Signing Certificate"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0029: Revoke a cert using Revoked CA Agent Cert"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+	rlRun "pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_adminR_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber \
+		--force --reason unspecified 2> $expout" 1,255
+	rlAssertGrep "PKIException: Unauthorized" "$expout"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0030: Revoke a cert using CA Audit Cert"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-n \"$CA_auditV_user\" \
+		-h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason unspecified 2> $expout" 1,255
+        rlAssertGrep "Authorization Error" "$expout"	
+	rlPhaseEnd
+	
+	rlPhaseStartTest "pki_ca_cert_revoke_0031: Revoke cert with with Invalid serialNumber"
+	rlRun "pki -d $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD \
+		-h $target_host \
+		-p $target_port \
+		-n \"$CA_agentV_user\" \
+		cert-revoke $invalid_serialNumber --force --reason unspecified 2> $expout" 1,255
+	rlAssertGrep "CertNotFoundException:" "$expout"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0032: Revoke a cert and verify revoked cert is added to CRL"
+        rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason unspecified 1> $expout" 0 "Revoke cert with reason unspecified"
+	rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+	rlFail "Unable to query CRL to verify revoked cert is added CRL: https://fedorahosted.org/pki/ticket/944"
+	rlPhaseEnd
+	
+	rlPhaseStartTest "pki_ca_cert_revoke_0033: Test-1 Revoke cert with i18n characters"
+	local profile=caUserSMIMEcapCert
+	rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+		myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"ÖrjanÄke\" \
+		subject_email:test@example.org subject_ou:Foo_Example_IT subject_org:FooBar.Org subject_c:US \
+		archive:false req_profile:$profile target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+              cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason unspecified 1> $expout" 0 "Revoke cert with reason unspecified"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0034: Test-2 Revoke cert with i18n characters"
+        local profile=caUserCert
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn:\"Éric Têko\" subject_uid:FooBar \
+                subject_email:test@example.org subject_ou:Foo_Example_IT subject_org:FooBar.Org subject_c:US \
+                archive:false req_profile:$profile target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+              cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Key_Compromise 1> $expout" 0 "Revoke cert with reason Key_Compromise"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+	
+        rlPhaseStartTest "pki_ca_cert_revoke_0035: Test-3 Revoke cert with i18n characters"
+        local profile=caTPSCert
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn:\"éénentwintig dvidešimt.example.org\" subject_uid: \
+                subject_email:test@example.org subject_ou:Foo_Example_IT subject_org:FooBar.Org subject_c:US \
+                archive:false req_profile:$profile target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+              cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason CA_Compromise 1> $expout" 0 "Revoke cert with reason CA_Compromise"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0036: Test-4 Revoke cert with i18n characters"
+        local profile=caSignedLogCert
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn:\"двадцять один тридцять Signed Log Certificate\" subject_uid: \
+                subject_email:test@example.org subject_ou:Foo_Example_IT subject_org:FooBar.Org subject_c:US \
+                archive:false req_profile:$profile target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+              cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Affiliation_Changed 1> $expout" 0 "Revoke cert with reason Affiliation_Changed"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0037: Test-5 Revoke cert with i18n characters"
+        local profile=caServerCert
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn:\"kakskümmend üks.example.org\" subject_uid: \
+                subject_email:test@example.org subject_ou:Foo_Example_IT subject_org:FooBar.Org subject_c:US \
+                archive:false req_profile:$profile target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+              cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Superseded 1> $expout" 0 "Revoke cert with reason Superseded"
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_ca_cert_revoke_0038: Revoke a already revoked cert"
+	rlLog "Generating temporary certificate"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 algo:rsa key_size:2048 subject_cn: subject_uid: \
+                subject_email: subject_ou: subject_o: subject_c: archive:false \
+                req_profile: target_host:$target_host protocol: port:$target_port cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD certdb_nick:\"$CA_agentV_user\" cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cmd="pki -d  $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"$CA_agentV_user\" -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --reason Certificate_Hold"
+        rlRun "cert-revoke_expect_data $exp $cert_info \"$cmd\""
+        rlRun "/usr/bin/expect -f $exp > $expout 2>&1"
+        rlAssertGrep "Placed certificate \"$cert_serialNumber\" on-hold" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Superseded 2> $expout" 1,255 "Revoke already revoked cert"
+	local certsno=$(echo $cert_serialNumber | awk -F "0x" '{print $2}')
+	rlAssertGrep "BadRequestException: certificate #$certsno has already been revoked" "$expout"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_ca_cert_revoke_0039: Revoke an expired cert"
+	local validityperiod="1 day"
+	rlLog "Generate cert with validity period of $validityperiod"
+	rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+		req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$target_host port:$target_port profile: \
+		cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$CA_agentV_user\" cert_info:$cert_info expect_data:$exp"
+        local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2)
+        local cur_date=$(date) # Save current date
+	rlLog "Date & Time before Modifying system date: $cur_date"
+	rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual"
+	rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" 
+	rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlLog "Date after modifying using chrony: $(date)"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        rlRun "pki -d  $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n \"$CA_agentV_user\" \
+                -h $target_host -p $target_port ca-cert-revoke $cert_serialNumber --force --reason Key_Compromise 1> $expout" 0
+        rlAssertGrep "Revoked certificate \"$cert_serialNumber\"" "$expout"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$expout"
+        rlAssertGrep "Issuer: CN=PKI $CA_INST Signing Cert,O=redhat" "$expout"
+        rlAssertGrep "Status: REVOKED" "$expout"
+        rlLog "Set the date back to it's original date & time"
+	rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" 
+	rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlLog "Date after running chrony: $(date)"
+        rlPhaseEnd
+	
+	rlPhaseStartCleanup "Destroy SubCA & DS instance"
+	rlRun "pkidestroy -s CA -i $subca_instance_name > $TmpDir/$subca_instance_name-ca-clean.out"
+	rlAssertGrep "Uninstalling CA from /var/lib/pki/$subca_instance_name" "$TmpDir/$subca_instance_name-ca-clean.out"
+	rlAssertGrep "Uninstallation complete" "$TmpDir/$subca_instance_name-ca-clean.out"
+	rlRun "remove-ds.pl -i slapd-$subca_instance_name > $TmpDir/subca_instance_name-ds-clean.out"
+	rlAssertGrep "Instance slapd-$subca_instance_name removed" "$TmpDir/subca_instance_name-ds-clean.out"
+	rlPhaseEnd
+	
+	rlPhaseStartCleanup "pki ca-cert-revoke cleanup: Delete temp dir"
+	rlRun "popd"
+	rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+    	rlPhaseEnd
+
+}
+rhcs_install_subca-BZ-501088()
+{
+		
+        local SUBCA_INSTANCE_NAME=$1
+        local SUBCA_LDAP_PORT=$2
+        local SUBCA_HTTP_PORT=$3
+        local SUBCA_HTTPS_PORT=$4
+        local SUBCA_AJP_PORT=$5
+        local SUBCA_TOMCAT_SERVER_PORT=$6
+        local SUBCA_WORK_DIR=$7
+        local SUBCA_CERTDB_DIR=$8
+        local SUBCA_OUTPUT_FILE=$9
+	local CA_INST=${10}
+	local CA_HOST=${11}
+	local CA_UNSECURE_PORT=${12}
+	local CA_SECURE_PORT=${13}
+        local SUBCA_INSTANCECFG="$SUBCA_WORK_DIR/subca_instance.inf"
+        local SUBCA_INSTANCE_CREATE_OUT="$SUBCA_WORK_DIR/subca_instance_create.out"
+        local SUBCA_ADMIN_CERT_LOCATION=/root/.dogtag/$SUBCA_INSTANCE_NAME/ca_admin_cert.p12
+        local admin_cert_nickname="PKI Administrator for $CA_DOMAIN"
+	local CA_ADMIN_PASSWORD=$(eval echo \$${CA_INST}\_ADMIN_PASSWORD)
+	local CA_ADMIN_USER=$(eval echo \$${CA_INST}\_ADMIN_USER)
+	local CA_SECURITY_DOMAIN_PASSWORD=$(eval echo \$${CA_INST}\_SECURITY_DOMAIN_PASSWORD)
+	local CA_CLIENT_PKCS12_PASSWORD=$(eval echo \$${CA_INST}\_CLIENT_PKCS12_PASSWORD)
+	
+	rhcs_install_prep_disableFirewall
+
+        for i in {$SUBCA_LDAP_PORT $SUBCA_HTTP_PORT $SUBCA_HTTPS_PORT $SUBCA_AJP_PORT $SUBCA_TOMCAT_SERVER_PORT}
+        do
+                netstat -plant | cut -d" " -f4 | cut -d":" -f2 | grep -v grep | grep $i
+                RETVAL=$?
+                if [ $RETVAL == 0 ];then
+                        echo -e "\nThere are some process which are using those ports"
+                        rlFail "Ports already in use installation Failed"
+                fi
+        done
+
+        rlLog "Creating LDAP server Instance to Sub CA instace $SUBCA_INSTANCE_NAME"
+        rhcs_install_set_ldap_vars
+        rlRun "rhds_install $SUBCA_LDAP_PORT $SUBCA_INSTANCE_NAME \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $LDAP_BASEDN" 0
+        if [ $? != 0 ]; then
+                rlFail "Unable to setup ldap instance"
+                return 1
+        fi
+        echo -e "[DEFAULT]" > $SUBCA_INSTANCECFG
+        echo -e "pki_instance_name = $SUBCA_INSTANCE_NAME" >> $SUBCA_INSTANCECFG
+        echo -e "pki_admin_password = $CA_ADMIN_PASSWORD" >> $SUBCA_INSTANCECFG
+        echo -e "pki_client_pkcs12_password = $CA_CLIENT_PKCS12_PASSWORD" >> $SUBCA_INSTANCECFG
+        echo -e "pki_client_database_password = $CA_CLIENT_PKCS12_PASSWORD" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ds_password= $LDAP_ROOTDNPWD" >> $SUBCA_INSTANCECFG
+        echo -e "pki_security_domain_password = $CA_SECURITY_DOMAIN_PASSWORD" >> $SUBCA_INSTANCECFG
+        echo -e "pki_security_domain_hostname = $CA_HOST" >> $SUBCA_INSTANCECFG
+        echo -e "pki_security_domain_https_port = $CA_SECURE_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_security_domain_user = $CA_ADMIN_USER" >> $SUBCA_INSTANCECFG
+        echo -e "[CA]" >> $SUBCA_INSTANCECFG
+        echo -e "pki_subordinate=True" >> $SUBCA_INSTANCECFG
+        echo -e "pki_issuing_ca=https://$(hostname):$CA_SECURE_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ca_signing_subject_dn = cn=SubCA-$SUBCA_INSTANCE_NAME,o=%(pki_security_domain_name)s" >> $SUBCA_INSTANCECFG
+        echo -e "pki_http_port = $SUBCA_HTTP_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_https_port = $SUBCA_HTTPS_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ajp_port = $SUBCA_AJP_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_tomcat_server_port = $SUBCA_TOMCAT_SERVER_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_admin_uid = caadmin" >> $SUBCA_INSTANCECFG
+        echo -e "pki_import_admin_cert = False" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ds_hostname = $CA_HOST" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ds_ldap_port = $SUBCA_LDAP_PORT" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ds_bind_dn = cn=Directory Manager" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ds_password = $LDAP_ROOTDNPWD" >> $SUBCA_INSTANCECFG
+        echo -e "pki_ds_base_dn = o=$SUBCA_INSTANCE_NAME-CA" >> $SUBCA_INSTANCECFG
+        rlLog "Executing: pkispawn -s CA -f $SUBCA_INSTANCECFG -v "
+        rlRun "pkispawn -s CA -f $SUBCA_INSTANCECFG -v > $SUBCA_INSTANCE_CREATE_OUT 2>&1"
+        if [ $? != 0 ]; then
+                rlFail "FAIL Subca instance $SUBCA_INSTANCE_NAME failed"
+                return 1
+        fi
+        exp_message1="Administrator's username:             $PKI_SECURITY_DOMAIN_USER"
+        rlAssertGrep "$exp_message1" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message1_1="Administrator's PKCS #12 file:"
+        rlAssertGrep "$exp_message1_1" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message2="$CA_DOMAIN"
+        rlAssertGrep "$exp_message2" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message3_1="To check the status of the subsystem:"
+        rlAssertGrep "$exp_message3_1" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message3_2="systemctl status pki-tomcatd\@$subca_instance_name.service"
+        rlAssertGrep "$exp_message3_2" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message4_1="To restart the subsystem:"
+        rlAssertGrep "$exp_message4_1" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message4_2=" systemctl restart pki-tomcatd\@$subca_instance_name.service"
+        rlAssertGrep "$exp_message4_2" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message5="The URL for the subsystem is:"
+        rlAssertGrep "$exp_message5" "$SUBCA_INSTANCE_CREATE_OUT"
+        exp_message5_1="https://$(hostname):$SUBCA_HTTPS_PORT/ca"
+        rlAssertGrep "$exp_message5_1" "$SUBCA_INSTANCE_CREATE_OUT"
+
+        echo -e "SUBCA_SERVER_ROOT:/var/lib/pki/$SUBCA_INSTANCE_NAME/ca" >> $SUBCA_OUTPUT_FILE
+        echo -e "SUBCA_CERTDB_DIR:$SUBCA_WORK_DIR/certs_db" >> $SUBCA_OUTPUT_FILE
+        echo -e "SUBCA_LDAP_INSTANCE_NAME:o=$SUBCA_INSTANCE_NAME-CA" >> $SUBCA_OUTPUT_FILE
+        echo -e "SUBCA_ADMIN_USER:$CA_ADMIN_USER" >> $SUBCA_OUTPUT_FILE
+        echo -e "SUBCA_ADMIN_PASSWORD:$CA_ADMIN_PASSWORD" >> $SUBCA_OUTPUT_FILE
+        echo -e "SUBCA_CLIENT_PKCS12_PASSWORD:$CA_CLIENT_PKCS12_PASSWORD" >> $SUBCA_OUTPUT_FILE
+        echo -e "SUBCA_ADMIN_CERT_LOCATION:/root/.dogtag/$SUBCA_INSTANCE_NAME/ca_admin_cert.p12" >> $SUBCA_OUTPUT_FILE
+        echo -e "CA_ADMIN_NICK:$ADMIN_NICK" >> $SUBCA_OUTPUT_FILE
+        echo -e "$CA_CLIENT_PKCS12_PASSWORD" > $SUBCA_WORK_DIR/pwfile
+        rlRun "importP12FileNew $SUBCA_ADMIN_CERT_LOCATION $CA_CLIENT_PKCS12_PASSWORD $SUBCA_CERTDB_DIR $CA_CLIENT_PKCS12_PASSWORD $admin_cert_nickname"
+        return 0
+}
author	Niranjan Mallapadi <mrniranjan@redhat.com>	2014-09-29 18:07:29 +0530
committer	Niranjan Mallapadi <mrniranjan@redhat.com>	2014-09-29 18:14:44 +0530
commit	9d977698d43e6e59d014e65e75c74493b82c3588 (patch)
tree	5ea0be838f7a2fd527dd64461ef39e504506abfe /tests
parent	15944116f9c01a8ecd21c0ef533edf1c29f208ac (diff)
download	pki-9d977698d43e6e59d014e65e75c74493b82c3588.tar.gz pki-9d977698d43e6e59d014e65e75c74493b82c3588.tar.xz pki-9d977698d43e6e59d014e65e75c74493b82c3588.zip