diff options
Diffstat (limited to 'tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp')
13 files changed, 12595 insertions, 1417 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh index 11dc030fd..e804274b1 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-add-ocsp.sh @@ -6,14 +6,14 @@ # Description: PKI user-add CLI tests # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The following pki cli commands needs to be tested: -# pki-user-cli-user-add Add users to pki subsystems. +# pki-user-cli-user-add Add users to pki OCSP subsystem. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Author: Asha Akkiangady <aakkiang@redhat.com> +# Author: Asha Akkiangady <aakkiang@redhat.com> # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. # # This copyrighted material is made available to anyone wishing # to use, modify, copy, or redistribute it subject to the terms @@ -32,845 +32,703 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include rhts environment -. /usr/bin/rhts-environment.sh . /usr/share/beakerlib/beakerlib.sh . /opt/rhqa_pki/rhcs-shared.sh . /opt/rhqa_pki/pki-cert-cli-lib.sh . /opt/rhqa_pki/env.sh -###################################################################################### -#pki-user-cli-user-ca.sh should be first executed prior to pki-user-cli-user-add-ca.sh -#pki-user-cli-user-ocsp.sh -###################################################################################### - ######################################################################## -# Test Suite Globals +#create_role_users.sh should be first executed prior to pki-user-cli-user-add-ocsp.sh ######################################################################## +run_pki-user-cli-user-add-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId -user1="ocsp_agent2" -user1fullname="Test ocsp_agent" + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd -######################################################################## + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi -run_pki-user-cli-user-add-ocsp_tests(){ - rlPhaseStartSetup "pki_user_cli_user_add-ocsp-startup:Getting nss certificate db " - rlLog "Certificate directory = $CERTDB_DIR" + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + if [ "$ocsp_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test" + rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \ + 0 \ + "pki user --help" + rlAssertGrep "user-find Find users" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-show Show user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-add Add user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-mod Modify user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-del Remove user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out" rlPhaseEnd - #====Ticket corresponding to pki_user_cli_user_add-configtest : https://fedorahosted.org/pki/ticket/519=====# + rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test" - rlRun "pki user-add > $TmpDir/pki_user_add_cfg.out" \ - 1 \ - "https://fedorahosted.org/pki/ticket/519" - rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out" + rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \ + 0 \ + "pki user-add --help" + rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out" rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out" rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out" rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out" rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out" rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out" rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out" rlPhaseEnd + ##### Tests to add OCSP users using a user of admin group with a valid cert#### rlPhaseStartTest "pki_user_cli_user_add-OCSP-001: Add a user to OCSP using OCSP_adminV" + user1=ocsp_agent2 + user1fullname="Test ocsp_agent" rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-add --fullName=\"$user1fullname\" $user1" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1" \ - 0 \ - "Add user $user1 to OCSP_adminV" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-show $user1" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-show $user1 > $TmpDir/pki-user-add-ocsp-001.out" \ - 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-ocsp-001.out" + rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -t ocsp -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-001.out" 0 "Add user $user1 to OCSP_adminV" + rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-ocsp-001.out" rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-001.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-001.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_1:maximum length of user id " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test abcdefghijklmnopqrstuvwxyx12345678 " \ - 0 \ - "Added user using OCSP_adminV with maximum user id length" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-002:maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlLog "user2=$user2" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show abcdefghijklmnopqrstuvwxyx12345678 > $TmpDir/pki-user-add-ocsp-001_1.out" \ - 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"abcdefghijklmnopqrstuvwxyx12345678\"" "$TmpDir/pki-user-add-ocsp-001_1.out" - rlAssertGrep "User ID: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_1.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-ocsp-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + actual_userid_string=`cat $TmpDir/pki-user-add-ocsp-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_1.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del abcdefghijklmnopqrstuvwxyx12345678 " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_2:User id with # character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test abc# " \ - 0 \ - "Added user using OCSP_adminV, user id with # character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-003:User id with # character" + user3=abc# rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show abc# > $TmpDir/pki-user-add-ocsp-001_2.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user3 > $TmpDir/pki-user-add-ocsp-001_2.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"abc#\"" "$TmpDir/pki-user-add-ocsp-001_2.out" - rlAssertGrep "User ID: abc#" "$TmpDir/pki-user-add-ocsp-001_2.out" + "Added user using ${prefix}_adminV, user id with # character" + rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-user-add-ocsp-001_2.out" + rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-add-ocsp-001_2.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_2.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del abc# " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_3:User id with $ character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test abc$ " \ - 0 \ - "Added user using OCSP_adminV, user id with $ character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-004:User id with $ character" + user4=abc$ rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show abc$ > $TmpDir/pki-user-add-ocsp-001_3.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user4 > $TmpDir/pki-user-add-ocsp-001_3.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"abc$\"" "$TmpDir/pki-user-add-ocsp-001_3.out" + "Added user using ${prefix}_adminV, user id with $ character" + rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-user-add-ocsp-001_3.out" rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-add-ocsp-001_3.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_3.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del abc$ " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_4:User id with @ character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test abc@ " \ - 0 \ - "Added user using OCSP_adminV, user id with @ character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-005:User id with @ character" + user5=abc@ rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show abc@ > $TmpDir/pki-user-add-ocsp-001_4.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user5 > $TmpDir/pki-user-add-ocsp-001_4.out " \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"abc@\"" "$TmpDir/pki-user-add-ocsp-001_4.out" - rlAssertGrep "User ID: abc@" "$TmpDir/pki-user-add-ocsp-001_4.out" + "Added user using ${prefix}_adminV, user id with @ character" + rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-ocsp-001_4.out" + rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-ocsp-001_4.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_4.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del abc@ " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_5:User id with ? character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test abc? " \ - 0 \ - "Added user using OCSP_adminV, user id with ? character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-006:User id with ? character" + user6=abc? rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show abc? > $TmpDir/pki-user-add-ocsp-001_5.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user6 > $TmpDir/pki-user-add-ocsp-001_5.out " \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"abc?\"" "$TmpDir/pki-user-add-ocsp-001_5.out" - rlAssertGrep "User ID: abc?" "$TmpDir/pki-user-add-ocsp-001_5.out" + "Added user using ${prefix}_adminV, user id with ? character" + rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-ocsp-001_5.out" + rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-ocsp-001_5.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_5.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del abc? " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_6:User id as 0" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test 0 " \ - 0 \ - "Added user using OCSP_adminV, user id 0" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-007:User id as 0" + user7=0 rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show 0 > $TmpDir/pki-user-add-ocsp-001_6.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user7 > $TmpDir/pki-user-add-ocsp-001_6.out " \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"0\"" "$TmpDir/pki-user-add-ocsp-001_6.out" - rlAssertGrep "User ID: 0" "$TmpDir/pki-user-add-ocsp-001_6.out" + "Added user using ${prefix}_adminV, user id 0" + rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-ocsp-001_6.out" + rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-ocsp-001_6.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_6.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del 0 " \ - 0 \ - "Delete user from OCSP" - rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_7:--email with maximum length " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678 a " \ - 0 \ - "Added user using OCSP_adminV with maximum --email length" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-008:--email with maximum length" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show a > $TmpDir/pki-user-add-ocsp-001_7.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-user-add-ocsp-001_7.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"a\"" "$TmpDir/pki-user-add-ocsp-001_7.out" - rlAssertGrep "User ID: a" "$TmpDir/pki-user-add-ocsp-001_7.out" + "Added user using ${prefix}_adminV with maximum --email length" + rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-user-add-ocsp-001_7.out" + rlAssertGrep "User ID: u1" "$TmpDir/pki-user-add-ocsp-001_7.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_7.out" - rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_7.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del a" \ - 0 \ - "Delete user from OCSP" + actual_email_string=`cat $TmpDir/pki-user-add-ocsp-001_7.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_8:--email with maximum length and symbols " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=abcdefghijklmnopqrstuvwxyx12345678#?*@$ b " \ - 0 \ - "Added user using OCSP_adminV with maximum --email length and character symbols in it" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-009:--email with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + email=$email$specialcharacters + rlLog "email=$email" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show b > $TmpDir/pki-user-add-ocsp-001_8.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email='$email' u2 > $TmpDir/pki-user-add-ocsp-001_8.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"b\"" "$TmpDir/pki-user-add-ocsp-001_8.out" - rlAssertGrep "User ID: b" "$TmpDir/pki-user-add-ocsp-001_8.out" + "Added user using ${prefix}_adminV with maximum --email length and character symbols in it" + rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-user-add-ocsp-001_8.out" + rlAssertGrep "User ID: u2" "$TmpDir/pki-user-add-ocsp-001_8.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_8.out" - rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-add-ocsp-001_8.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del b" \ - 0 \ - "Delete user from OCSP" + actual_email_string=`cat $TmpDir/pki-user-add-ocsp-001_8.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_9:--email with # character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=# d " \ - 0 \ - "Added user using OCSP_adminV with --email # character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-010:--email with # character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show d > $TmpDir/pki-user-add-ocsp-001_9.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=# u3 > $TmpDir/pki-user-add-ocsp-001_9.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"d\"" "$TmpDir/pki-user-add-ocsp-001_9.out" - rlAssertGrep "User ID: d" "$TmpDir/pki-user-add-ocsp-001_9.out" + "Added user using ${prefix}_adminV with --email # character" + rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-user-add-ocsp-001_9.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-user-add-ocsp-001_9.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_9.out" rlAssertGrep "Email: #" "$TmpDir/pki-user-add-ocsp-001_9.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del d " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_10:--email with * character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=* e " \ - 0 \ - "Added user using OCSP_adminV with --email * character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-011:--email with * character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show e > $TmpDir/pki-user-add-ocsp-001_10.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=* u4 > $TmpDir/pki-user-add-ocsp-001_10.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"e\"" "$TmpDir/pki-user-add-ocsp-001_10.out" - rlAssertGrep "User ID: e" "$TmpDir/pki-user-add-ocsp-001_10.out" + "Added user using ${prefix}_adminV with --email * character" + rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-user-add-ocsp-001_10.out" + rlAssertGrep "User ID: u4" "$TmpDir/pki-user-add-ocsp-001_10.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_10.out" rlAssertGrep "Email: *" "$TmpDir/pki-user-add-ocsp-001_10.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del e " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_11:--email with $ character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=$ f " \ - 0 \ - "Added user using OCSP_adminV with --email $ character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-012:--email with $ character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show f > $TmpDir/pki-user-add-ocsp-001_11.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=$ u5 > $TmpDir/pki-user-add-ocsp-001_11.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"f\"" "$TmpDir/pki-user-add-ocsp-001_11.out" - rlAssertGrep "User ID: f" "$TmpDir/pki-user-add-ocsp-001_11.out" + "Added user using ${prefix}_adminV with --email $ character" + rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-user-add-ocsp-001_11.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-user-add-ocsp-001_11.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_11.out" rlAssertGrep "Email: \\$" "$TmpDir/pki-user-add-ocsp-001_11.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del f " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_12:--email as number 0 " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --email=0 z " \ - 0 \ - "Added user using OCSP_adminV with --email 0" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-013:--email as number 0" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show z > $TmpDir/pki-user-add-ocsp-001_12.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=0 u6 > $TmpDir/pki-user-add-ocsp-001_12.out " \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"z\"" "$TmpDir/pki-user-add-ocsp-001_12.out" - rlAssertGrep "User ID: z" "$TmpDir/pki-user-add-ocsp-001_12.out" + "Added user using ${prefix}_adminV with --email 0" + rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-user-add-ocsp-001_12.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-user-add-ocsp-001_12.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_12.out" rlAssertGrep "Email: 0" "$TmpDir/pki-user-add-ocsp-001_12.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del z" \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_13:--state with maximum length " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678 h " \ - 0 \ - "Added user using OCSP_adminV with maximum --state length" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-014:--state with maximum length" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show h > $TmpDir/pki-user-add-ocsp-001_13.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-user-add-ocsp-001_13.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"h\"" "$TmpDir/pki-user-add-ocsp-001_13.out" - rlAssertGrep "User ID: h" "$TmpDir/pki-user-add-ocsp-001_13.out" + "Added user using ${prefix}_adminV with maximum --state length" + rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-user-add-ocsp-001_13.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-user-add-ocsp-001_13.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_13.out" - rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_13.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del h " \ - 0 \ - "Delete user from OCSP" + actual_state_string=`cat $TmpDir/pki-user-add-ocsp-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-add-ocsp-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-add-ocsp-001_13.out" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_14:--state with maximum length and symbols " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=abcdefghijklmnopqrstuvwxyx12345678#?*@$ i " \ - 0 \ - "Added user using OCSP_adminV with maximum --state length and character symbols in it" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-015:--state with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + state=$state$specialcharacters + rlLog "state=$state" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show i > $TmpDir/pki-user-add-ocsp-001_14.out" \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=test --state='$state' u8 > $TmpDir/pki-user-add-ocsp-001_14.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"i\"" "$TmpDir/pki-user-add-ocsp-001_14.out" - rlAssertGrep "User ID: i" "$TmpDir/pki-user-add-ocsp-001_14.out" + "Added user using ${prefix}_adminV with maximum --state length and character symbols in it" + rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-user-add-ocsp-001_14.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-user-add-ocsp-001_14.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_14.out" - rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-add-ocsp-001_14.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del i " \ - 0 \ - "Delete user from OCSP" + actual_state_string=`cat $TmpDir/pki-user-add-ocsp-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-add-ocsp-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-add-ocsp-001_14.out" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_15:--state with # character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=# j " \ - 0 \ - "Added user using OCSP_adminV with --state # character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-016:--state with # character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show j > $TmpDir/pki-user-add-ocsp-001_15.out" \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=test --state=# u9 > $TmpDir/pki-user-add-ocsp-001_15.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"j\"" "$TmpDir/pki-user-add-ocsp-001_15.out" - rlAssertGrep "User ID: j" "$TmpDir/pki-user-add-ocsp-001_15.out" + "Added user using ${prefix}_adminV with --state # character" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-ocsp-001_15.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-ocsp-001_15.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_15.out" rlAssertGrep "State: #" "$TmpDir/pki-user-add-ocsp-001_15.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del j" \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_16:--state with * character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=* k " \ - 0 \ - "Added user using OCSP_adminV with --state * character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-017:--state with * character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show k > $TmpDir/pki-user-add-ocsp-001_16.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=* u10 > $TmpDir/pki-user-add-ocsp-001_16.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"k\"" "$TmpDir/pki-user-add-ocsp-001_16.out" - rlAssertGrep "User ID: k" "$TmpDir/pki-user-add-ocsp-001_16.out" + "Added user using ${prefix}_adminV with --state * character" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-ocsp-001_16.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-ocsp-001_16.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_16.out" rlAssertGrep "State: *" "$TmpDir/pki-user-add-ocsp-001_16.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del k " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_17:--state with $ character " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=$ l " \ - 0 \ - "Added user using OCSP_adminV with --state $ character" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-018:--state with $ character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show l > $TmpDir/pki-user-add-ocsp-001_17.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=$ u11 > $TmpDir/pki-user-add-ocsp-001_17.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"l\"" "$TmpDir/pki-user-add-ocsp-001_17.out" - rlAssertGrep "User ID: l" "$TmpDir/pki-user-add-ocsp-001_17.out" + "Added user using ${prefix}_adminV with --state $ character" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-ocsp-001_17.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-ocsp-001_17.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_17.out" rlAssertGrep "State: \\$" "$TmpDir/pki-user-add-ocsp-001_17.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del l " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_18:--state as number 0 " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --state=0 m " \ - 0 \ - "Added user using OCSP_adminV with --state 0" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-019:--state as number 0" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show m > $TmpDir/pki-user-add-ocsp-001_18.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=0 u12 > $TmpDir/pki-user-add-ocsp-001_18.out " \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"m\"" "$TmpDir/pki-user-add-ocsp-001_18.out" - rlAssertGrep "User ID: m" "$TmpDir/pki-user-add-ocsp-001_18.out" + "Added user using ${prefix}_adminV with --state 0" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-add-ocsp-001_18.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-user-add-ocsp-001_18.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_18.out" rlAssertGrep "State: 0" "$TmpDir/pki-user-add-ocsp-001_18.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del m" \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_19:--phone with maximum length " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678 n " \ - 0 \ - "Added user using OCSP_adminV with maximum --phone length" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-show n > $TmpDir/pki-user-add-ocsp-001_19.out" \ + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-020:--phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-user-add-ocsp-001_19.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"n\"" "$TmpDir/pki-user-add-ocsp-001_19.out" - rlAssertGrep "User ID: n" "$TmpDir/pki-user-add-ocsp-001_19.out" + "Added user using ${prefix}_adminV with maximum --phone length" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-user-add-ocsp-001_19.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-user-add-ocsp-001_19.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_19.out" - rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-add-ocsp-001_19.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del n " \ - 0 \ - "Delete user from OCSP" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-001_19.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_20:--phone with maximum length and symbols " + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-021:--phone with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + phone=$state$specialcharacters rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=abcdefghijklmnopqrstuvwxyx12345678#?*@$ o > $TmpDir/pki-user-add-ocsp-001_20.out 2>&1"\ - 1 \ - "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it" - rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_20.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-ocsp-001_20.out 2>&1"\ + 255 \ + "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_20.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_20.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_21:--phone with # character " + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-022:--phone with # character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=# p > $TmpDir/pki-user-add-ocsp-001_21.out 2>&1" \ - 1 \ - "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it" - rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_21.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-ocsp-001_21.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character #" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_21.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_21.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_22:--phone with * character " + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-023:--phone with * character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=* q > $TmpDir/pki-user-add-ocsp-001_22.out 2>&1" \ - 1 \ - "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it" - rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_22.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-ocsp-001_22.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character *" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_22.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_22.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_23:--phone with $ character " + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-024:--phone with $ character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=$ r > $TmpDir/pki-user-add-ocsp-001_23.out 2>&1" \ - 1 \ - "Cannot add user using OCSP_adminV with maximum --phone with character symbols in it" - rlAssertGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_23.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-ocsp-001_23.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character $" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_23.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-ocsp-001_23.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_24:--phone as negative number -1230 " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --phone=-1230 s " \ - 0 \ - "Added user using OCSP_adminV with --phone -1230" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-025:--phone as negative number -1230" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show s > $TmpDir/pki-user-add-ocsp-001_24.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-user-add-ocsp-001_24.out " \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"s\"" "$TmpDir/pki-user-add-ocsp-001_24.out" - rlAssertGrep "User ID: s" "$TmpDir/pki-user-add-ocsp-001_24.out" + "Added user using ${prefix}_adminV with --phone -1230" + rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-user-add-ocsp-001_24.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-user-add-ocsp-001_24.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_24.out" rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-add-ocsp-001_24.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del s " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_25:--type as Auditors" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=Auditors t " \ - 0 \ - "Added user using OCSP_adminV with --type Auditors" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-026:--type as Auditors" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show t > $TmpDir/pki-user-add-ocsp-001_25.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-user-add-ocsp-001_25.out" \ 0 \ - "Show pki OCSP_adminV user" - rlAssertGrep "User \"t\"" "$TmpDir/pki-user-add-ocsp-001_25.out" - rlAssertGrep "User ID: t" "$TmpDir/pki-user-add-ocsp-001_25.out" + "Added user using ${prefix}_adminV with --type Auditors" + rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-ocsp-001_25.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-ocsp-001_25.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_25.out" rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-add-ocsp-001_25.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del t " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_26:--type Data Recovery Manager Agents " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Certificate Manager Agents\" t" \ - 0 \ - "Added user using OCSP_adminV --type Certificate Manager Agents" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-027:--type Certificate Manager Agents" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show t > $TmpDir/pki-user-add-ocsp-001_26.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-user-add-ocsp-001_26.out" \ 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"t\"" "$TmpDir/pki-user-add-ocsp-001_26.out" - rlAssertGrep "User ID: t" "$TmpDir/pki-user-add-ocsp-001_26.out" + "Added user using ${prefix}_adminV --type Certificate Manager Agents" + rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-user-add-ocsp-001_26.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-user-add-ocsp-001_26.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_26.out" rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-add-ocsp-001_26.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del t " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_27:--type Registration Manager Agents " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Registration Manager Agents\" u " \ - 0 \ - "Added user using OCSP_adminV with --type Registration Manager Agents" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-028:--type Registration Manager Agents" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show u > $TmpDir/pki-user-add-ocsp-001_27.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-user-add-ocsp-001_27.out" \ 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"u\"" "$TmpDir/pki-user-add-ocsp-001_27.out" - rlAssertGrep "User ID: u" "$TmpDir/pki-user-add-ocsp-001_27.out" + "Added user using ${prefix}_adminV with --type Registration Manager Agents" + rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-user-add-ocsp-001_27.out" + rlAssertGrep "User ID: u17" "$TmpDir/pki-user-add-ocsp-001_27.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_27.out" rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-add-ocsp-001_27.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del u" \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_28:--type Subsytem Group " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Subsytem Group\" v " \ - 0 \ - "Added user using OCSP_adminV with --type Subsytem Group" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-029:--type Subsytem Group" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show v > $TmpDir/pki-user-add-ocsp-001_28.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-user-add-ocsp-001_28.out" \ 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"v\"" "$TmpDir/pki-user-add-ocsp-001_28.out" - rlAssertGrep "User ID: v" "$TmpDir/pki-user-add-ocsp-001_28.out" + "Added user using ${prefix}_adminV with --type Subsytem Group" + rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-user-add-ocsp-001_28.out" + rlAssertGrep "User ID: u18" "$TmpDir/pki-user-add-ocsp-001_28.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_28.out" rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-add-ocsp-001_28.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del v" \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_29:--type Security Domain Administrators " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Security Domain Administrators\" w " \ - 0 \ - "Added user using OCSP_adminV with --type Security Domain Administrators" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-030:--type Security Domain Administrators" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show w > $TmpDir/pki-user-add-ocsp-001_29.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-user-add-ocsp-001_29.out" \ 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"w\"" "$TmpDir/pki-user-add-ocsp-001_29.out" - rlAssertGrep "User ID: w" "$TmpDir/pki-user-add-ocsp-001_29.out" + "Added user using ${prefix}_adminV with --type Security Domain Administrators" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ocsp-001_29.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ocsp-001_29.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_29.out" rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-add-ocsp-001_29.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del w" \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_30:--type ClonedSubsystems " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=ClonedSubsystems x " \ - 0 \ - "Added user using OCSP_adminV with --type ClonedSubsystems" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-031:--type ClonedSubsystems" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show x > $TmpDir/pki-user-add-ocsp-001_30.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-user-add-ocsp-001_30.out" \ 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"x\"" "$TmpDir/pki-user-add-ocsp-001_30.out" - rlAssertGrep "User ID: x" "$TmpDir/pki-user-add-ocsp-001_30.out" + "Added user using ${prefix}_adminV with --type ClonedSubsystems" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-ocsp-001_30.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-ocsp-001_30.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_30.out" rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-add-ocsp-001_30.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del x " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-001_31:--type Trusted Managers " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=test --type=\"Trusted Managers\" y " \ - 0 \ - "Added user using OCSP_adminV with --type Trusted Managers" + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-032:--type Trusted Managers" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-show y > $TmpDir/pki-user-add-ocsp-001_31.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-user-add-ocsp-001_31.out" \ 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"y\"" "$TmpDir/pki-user-add-ocsp-001_31.out" - rlAssertGrep "User ID: y" "$TmpDir/pki-user-add-ocsp-001_31.out" + "Added user using ${prefix}_adminV with --type Trusted Managers" + rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-user-add-ocsp-001_31.out" + rlAssertGrep "User ID: u21" "$TmpDir/pki-user-add-ocsp-001_31.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_31.out" rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-add-ocsp-001_31.out" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del y " \ - 0 \ - "Delete user from OCSP" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-002: Add a duplicate user to CA" - command="pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-ocsp-002.out 2>&1 " - - rlLog "Command=$command" - expmsg="ConflictingOperationException: Entry already exists." - rlRun "$command" 1 "Add duplicate user" - rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-002.out" - rlLog "Clean-up:" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-del $user1" \ - 0 \ - "Delete user from OCSP" - rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_user_add-OCSP-003: Add a user to OCSP with -t option" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add --fullName=\"$user1fullname\" $user1" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-033:--type Dummy Group" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-003.out" \ - 0 \ - "Add user $user1 to CA" - rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-ocsp-003.out" - rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-003.out" - rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-003.out" - - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-show $user1 > $TmpDir/pki-user-add-ocsp-003_1.out" \ - 0 \ - "Show pki OCSP user" - rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-ocsp-003_1.out" - rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-003_1.out" - rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-003_1.out" - rlLog "Clean-up:" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-del $user1" \ - 0 \ - "Delete user from OCSP" + user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-user-add-ocsp-001_33.out 2>&1 " \ + 1,255 \ + "Adding user using ${prefix}_adminV with --type Dummy Group" + rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-user-add-ocsp-001_33.out" + rlAssertNotGrep "User ID: u25" "$TmpDir/pki-user-add-ocsp-001_33.out" + rlAssertNotGrep "Full name: test" "$TmpDir/pki-user-add-ocsp-001_33.out" + rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-user-add-ocsp-001_33.out" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-ocsp-001_33.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704" rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_user_add-OCSP-004: Add a user -- missing required option user id" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + rlPhaseStartTest "pki_user_cli_user_add-OCSP-034: Add a duplicate user to OCSP" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - user-add --fullName=\"$user1fullname\" " + user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-ocsp-002.out 2>&1 " + + expmsg="ConflictingOperationException: Entry already exists." + rlRun "$command" 255 "Add duplicate user" + rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-002.out" + rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_add-OCSP-036: Add a user -- missing required option user id" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-ocsp-004.out" \ - 1\ + 255 \ "Add user -- missing required option user id" - rlAssertGrep "usage: user-add <User ID> \[OPTIONS...\]" "$TmpDir/pki-user-add-ocsp-004.out" + rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-ocsp-004.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-005: Add a user -- missing required option --fullName" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-037: Add a user -- missing required option --fullName" command="pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ user-add $user1 > $TmpDir/pki-user-add-ocsp-005.out 2>&1" - expmsg="Error: Missing required option: fullName" - rlLog "Executing: $command" - rlRun "$command" 1 "Add a user -- missing required option --fullName" - rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-005.out" + errmsg="Error: Missing required option: fullName" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-006: Add a user -- all options provided" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-038: Add a user -- all options provided" email="ocsp_agent2@myemail.com" user_password="agent2Password" phone="1234567890" state="NC" type="Administrators" rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ user-add --fullName=\"$user1fullname\" \ --email $email \ @@ -878,11 +736,13 @@ run_pki-user-cli-user-add-ocsp_tests(){ --phone $phone \ --state $state \ --type $type \ - $user1" + u23" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ user-add --fullName=\"$user1fullname\" \ --email $email \ @@ -890,79 +750,52 @@ run_pki-user-cli-user-add-ocsp_tests(){ --phone $phone \ --state $state \ --type $type \ - $user1 > $TmpDir/pki-user-add-ocsp-006_1.out" \ + u23 > $TmpDir/pki-user-add-ocsp-006_1.out" \ 0 \ - "Add user $user1 to OCSP -- all options provided" - rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-ocsp-006_1.out" - rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-006_1.out" + "Add user u23 to OCSP -- all options provided" + rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-user-add-ocsp-006_1.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-add-ocsp-006_1.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-006_1.out" rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ocsp-006_1.out" rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-006_1.out" rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-ocsp-006_1.out" rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ocsp-006_1.out" + rlPhaseEnd - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-show $user1 > $TmpDir/pki-user-add-ocsp-006.out" \ - 0 \ - "Show pki OCSP user" - - rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-add-ocsp-006.out" - rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-ocsp-006.out" - rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-ocsp-006.out" - rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ocsp-006.out" - rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-006.out" - rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-ocsp-006.out" - rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ocsp-006.out" - rlLog "Clean-up:" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-del $user1" \ - 0 \ - "Delete user from OCSP" - - rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_user_add-OCSP-007: Add user to multiple groups" - user=multigroup_user + rlPhaseStartTest "pki_user_cli_user_add-OCSP-039: Add user to multiple groups" + user=u24 userfullname="Multiple Group User" email="multiplegroup@myemail.com" user_password="admin2Password" phone="1234567890" state="NC" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add --fullName=\"$userfullname\" \ - --email $email \ - --password $user_password \ - --phone $phone \ - --state $state \ - $user" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ user-add --fullName=\"$userfullname\" \ --email $email \ --password $user_password \ --phone $phone \ --state $state \ - $user" \ + $user > $TmpDir/pki-user-add-ocsp-006.out " \ 0 \ - "Add user $user using OCSP_adminV" - + "Add user $user using ${prefix}_adminV" + rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-ocsp-006.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-ocsp-006.out" + rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-ocsp-006.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-ocsp-006.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-ocsp-006.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-add-ocsp-006.out" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - group-add-member Administrators $user > $TmpDir/pki-user-add-ocsp-007_1.out" \ + group-member-add Administrators $user > $TmpDir/pki-user-add-ocsp-007_1.out" \ 0 \ "Add user $user to Administrators group" @@ -970,220 +803,746 @@ run_pki-user-cli-user-add-ocsp_tests(){ rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ocsp-007_1.out" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - group-find-member Administrators > $TmpDir/pki-user-add-ocsp-007.out" \ + group-member-find Administrators > $TmpDir/pki-user-add-ocsp-007.out" \ 0 \ - "Show pki group-find-member Administrators" + "Show pki group-member-find Administrators" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - group-add-member \"Certificate Manager Agents\" $user > $TmpDir/pki-user-add-ocsp-007_1_1.out" \ + group-member-add \"Online Certificate Status Manager Agents\" $user > $TmpDir/pki-user-add-ocsp-007_1_1.out" \ 0 \ - "Add user $user to Administrators group" + "Add user $user to Online Certificate Status Manager Agents" rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-ocsp-007_1_1.out" rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ocsp-007_1_1.out" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - group-find-member \"Certificate Manager Agents\" > $TmpDir/pki-user-add-ocsp-007_2.out" \ + group-member-find \"Online Certificate Status Manager Agents\" > $TmpDir/pki-user-add-ocsp-007_2.out" \ 0 \ - "Show pki group-find-member Administrators" + "Show pki group-member-find Online Certificate Status Manager Agents" rlAssertGrep "User: $user" "$TmpDir/pki-user-add-ocsp-007_2.out" - - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-del $user" \ - 0 \ - "Delete user $user " - rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-008: Add user with --password " + rlPhaseStartTest "pki_user_cli_user_add-OCSP-040: Add user with --password less than 8 characters" userpw="pass" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-ocsp-008.out 2>&1" expmsg="PKIException: The password must be at least 8 characters" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-ocsp-008.out 2>&1" \ - 1 \ + 255 \ "Add a user --must be at least 8 characters --password" rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-ocsp-008.out" - rlPhaseEnd ##### Tests to add users using revoked cert##### - rlPhaseStartTest "pki_user_cli_user_add-OCSP-009: Cannot add user using a revoked cert OCSP_adminR" - - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminR \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-041: Should not be able to add user using a revoked cert OCSP_adminR" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminR \ + -n ${prefix}_adminR \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-revoke-adminR-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a user having revoked cert" - rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-revoke-adminR-002.out" + 255 \ + "Should not be able to add user $user1 using a user having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-revoke-adminR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-009_1: Cannot add user using a agent or a revoked cert OCSP_agentR" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_agentR \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-042: Should not be able to add user using a agent with revoked cert OCSP_agentR" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_agentR \ + -n ${prefix}_agentR \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-revoke-agentR-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a user having revoked cert" - rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-revoke-agentR-002.out" + 255 \ + "Should not be able to add user $user1 using a user having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-revoke-agentR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" rlPhaseEnd ##### Tests to add users using an agent user##### - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0010: Cannot add user using a OCSP_agentV user" - - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_agentV \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-043: Should not be able to add user using a valid agent OCSP_agentV user" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_agentV \ + -n ${prefix}_agentV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentV-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a agent cert" - rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ocsp-agentV-002.out" + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-agentV-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0011: Cannot add user using a OCSP_agentR user" - - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_agentR \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1" - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_agentR \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentR-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a agent cert" - rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-agentR-002.out" + ##### Tests to add users using OCSP_agentUTCA user's certificate will be issued by an untrusted CA ##### + rlPhaseStartTest "pki_user_cli_user_add-OCSP-044: Should not be able to add user using a OCSP_agentUTCA user" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentUTCA-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-agentUTCA-002.out" rlPhaseEnd + ##### Tests to add users using expired cert##### - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0012: Cannot add user using a OCSP_adminE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_adminE \ - -c $CERTDB_DIR_PASSWORD \ + rlPhaseStartTest "pki_user_cli_user_add-OCSP-045: Should not be able to add user using admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminE \ + -n ${prefix}_adminE \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-adminE-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a agent cert" - rlAssertGrep "RuntimeException: java.io.IOException: SocketException cannot read on socket" "$TmpDir/pki-user-add-ocsp-adminE-002.out" + 255 \ + "Should not be able to add user $user1 using an expired admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-adminE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ocsp-adminE-002.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0013: Cannot add user using a OCSP_agentE cert" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-046: Should not be able to add user using OCSP_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_agentE \ + -n ${prefix}_agentE \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_agentE \ + -n ${prefix}_agentE \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentE-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a agent cert" - rlAssertGrep "RuntimeException: java.io.IOException: SocketException cannot read on socket" "$TmpDir/pki-user-add-ocsp-agentE-002.out" + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-agentE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ocsp-agentE-002.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" rlRun "date --set='2 days ago'" 0 "Set System back to the present day" rlPhaseEnd ##### Tests to add users using audit users##### - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0012: Cannot add user using a OCSP_auditV" - - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_auditV \ + rlPhaseStartTest "pki_user_cli_user_add-OCSP-047: Should not be able to add user using a OCSP_auditV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_auditV \ + -n ${prefix}_auditV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-auditV-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a audit cert" - rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ocsp-auditV-002.out" + 255 \ + "Should not be able to add user $user1 using a audit cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-auditV-002.out" rlPhaseEnd - ##### Tests to add users using operator user### - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0013: Cannot add user using a OCSP_operatorV" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n OCSP_operatorV \ + ##### Tests to add users using operator user### + rlPhaseStartTest "pki_user_cli_user_add-OCSP-048: Should not be able to add user using a OCSP_operatorV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-operatorV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a operator cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-operatorV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-049: Should not be able to add user using a cert created from a untrusted OCSP OCSP_adminUTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-adminUTCA-003.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-adminUTCA-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-050: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test \"$user_length_exceed_max\"" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_operatorV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-operatorV-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a operator cert" - rlAssertGrep "ForbiddenException: Authorization failed on resource: certServer.ca.users, operation: execute" "$TmpDir/pki-user-add-ocsp-operatorV-002.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-ocsp-001_50.out 2>&1" \ + 255 \ + "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-ocsp-001_50.out" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-ocsp-001_50.out" rlPhaseEnd + rlPhaseStartTest "pki_user_cli_user_add-OCSP-051: fullname with i18n characters" + rlLog "user-add fullname Örjan Äke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-user-add-ocsp-001_51.out 2>&1" \ + 0 \ + "Adding u26 with full name Örjan Äke" + rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-user-add-ocsp-001_51.out" + rlAssertGrep "User ID: u26" "$TmpDir/pki-user-add-ocsp-001_51.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-add-ocsp-001_51.out" + rlPhaseEnd - ##### Tests to add users using OCSP_adminUTOCSP and OCSP_agentUTOCSP user's certificate will be issued by an untrusted OCSP users##### - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0014: Cannot add user using a OCSP_adminUTOCSP" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-052: fullname with i18n characters" + rlLog "user-add fullname Éric Têko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u27 > $TmpDir/pki-user-add-ocsp-001_52.out 2>&1" \ + 0 \ + "Adding u27 with full Éric Têko" + rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-user-add-ocsp-001_52.out" + rlAssertGrep "User ID: u27" "$TmpDir/pki-user-add-ocsp-001_52.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-add-ocsp-001_52.out" + rlPhaseEnd - rlLog "Executing: pki -d /tmp/untrusted_cert_db \ - -n OCSP_adminUTOCSP \ - -c Password \ - user-add --fullName=\"$user1fullname\" $user1" - rlRun "pki -d /tmp/untrusted_cert_db \ - -n OCSP_adminUTOCSP \ - -c Password \ - user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-adminUTOCSP-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a untrusted cert" - rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-ocsp-adminUTOCSP-002.out" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-053: fullname with i18n characters" + rlLog "user-add fullname éénentwintig dvidešimt with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-user-add-ocsp-001_53.out 2>&1" \ + 0 \ + "Adding fullname éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-user-add-ocsp-001_53.out" + rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-ocsp-001_53.out" + rlAssertGrep "User ID: u28" "$TmpDir/pki-user-add-ocsp-001_53.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u28 > $TmpDir/pki-user-add-ocsp-001_53_2.out 2>&1" \ + 0 \ + "Show user u28 with fullname éénentwintig dvidešimt in i18n characters" + rlAssertGrep "User \"u28\"" "$TmpDir/pki-user-add-ocsp-001_53_2.out" + rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-ocsp-001_53_2.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_add-OCSP-0014: Cannot add user using a OCSP_agentUTOCSP" + rlPhaseStartTest "pki_user_cli_user_add-OCSP-054: fullname with i18n characters" + rlLog "user-add fullname kakskümmend üks with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-user-add-ocsp-001_54.out 2>&1" \ + 0 \ + "Adding fillname kakskümmend üks with i18n characters" + rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-user-add-ocsp-001_54.out" + rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-ocsp-001_54.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u29 > $TmpDir/pki-user-add-ocsp-001_54_2.out" \ + 0 \ + "Show user u29 with fullname kakskümmend üks in i18n characters" + rlAssertGrep "User \"u29\"" "$TmpDir/pki-user-add-ocsp-001_54_2.out" + rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-ocsp-001_54_2.out" + rlPhaseEnd - rlLog "Executing: pki -d /tmp/untrusted_cert_db \ - -n OCSP_agentUTOCSP \ - -c Password \ - user-add --fullName=\"$user1fullname\" $user1" - rlRun "pki -d /tmp/untrusted_cert_db \ - -n OCSP_agentUTOCSP \ + rlPhaseStartTest "pki_user_cli_user_add-OCSP-055: fullname with i18n characters" + rlLog "user-add fullname двадцять один тридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-user-add-ocsp-001_55.out 2>&1" \ + 0 \ + "Adding fillname двадцять один тридцять with i18n characters" + rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-user-add-ocsp-001_55.out" + rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-ocsp-001_55.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u30 > $TmpDir/pki-user-add-ocsp-001_55_2.out" \ + 0 \ + "Show user u30 with fullname двадцять один тридцять in i18n characters" + rlAssertGrep "User \"u30\"" "$TmpDir/pki-user-add-ocsp-001_55_2.out" + rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-ocsp-001_55_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-056: user id with i18n characters" + rlLog "user-add userid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test 'ÖrjanÄke'" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test 'ÖrjanÄke'" + errmsg="IncorrectUserIdException" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-057: userid with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test 'ÉricTêko'" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test 'ÉricTêko'" + errmsg="IncorrectUserIdException" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-058: email address with i18n characters" + rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t ocsp user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-059: email address with i18n characters" + rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32" + rlLog "Executing $command" + errmsg="IncorrectPasswordException: Incorrect client security database password." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-060: password with i18n characters" + rlLog "user-add password šimtaskolmkümmend with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-user-add-ocsp-001_60.out 2>&1" \ + 0 \ + "Adding password šimtaskolmkümmend with i18n characters" + rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-user-add-ocsp-001_60.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u31 > $TmpDir/pki-user-add-ocsp-001_60_2.out" \ + 0 \ + "Show user u31 with password šimtaskolmkümmend in i18n characters" + rlAssertGrep "User \"u31\"" "$TmpDir/pki-user-add-ocsp-001_60_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-061: password with i18n characters" + rlLog "user-add password двадцяттридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-user-add-ocsp-001_61.out 2>&1" \ + 0 \ + "Adding password двадцяттридцять with i18n characters" + rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-user-add-ocsp-001_61.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u32 > $TmpDir/pki-user-add-ocsp-001_61_2.out" \ + 0 \ + "Show user u32 with password двадцяттридцять in i18n characters" + rlAssertGrep "User \"u32\"" "$TmpDir/pki-user-add-ocsp-001_61_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-062: type with i18n characters" + rlLog "user-add type tjugo-tvåhetvenhét with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-user-add-ocsp-001_62.out 2>&1" \ + 0 \ + "Adding type tjugo-tvåhetvenhét with i18n characters" + rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-user-add-ocsp-001_62.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-ocsp-001_62.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u33 > $TmpDir/pki-user-add-ocsp-001_62_2.out" \ + 0 \ + "Show user u33 with type tjugo-tvåhetvenhét in i18n characters" + rlAssertGrep "User \"u33\"" "$TmpDir/pki-user-add-ocsp-001_62_2.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-ocsp-001_62_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-063: type with i18n characters" + rlLog "user-add type мiльйонтридцять with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type='мiльйонтридцять' u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-user-add-ocsp-001_63.out 2>&1" \ + 0 \ + "Adding type мiльйонтридцять with i18n characters" + rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-user-add-ocsp-001_63.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-ocsp-001_63.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u34 > $TmpDir/pki-user-add-ocsp-001_63_2.out" \ + 0 \ + "Show user u34 with type мiльйонтридцять in i18n characters" + rlAssertGrep "User \"u34\"" "$TmpDir/pki-user-add-ocsp-001_63_2.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-ocsp-001_63_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-064: state with i18n characters" + rlLog "user-add state čå with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state='čå' u35 > $TmpDir/pki-user-add-ocsp-001_64.out 2>&1" \ + 0 \ + "Adding state 'čå' with i18n characters" + rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-user-add-ocsp-001_64.out" + rlAssertGrep "State: čå" "$TmpDir/pki-user-add-ocsp-001_64.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u35 > $TmpDir/pki-user-add-ocsp-001_64_2.out" \ + 0 \ + "Show user u35 with state čå in i18n characters" + rlAssertGrep "User \"u35\"" "$TmpDir/pki-user-add-ocsp-001_64_2.out" + rlAssertGrep "State: čå" "$TmpDir/pki-user-add-ocsp-001_64_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-065: state with i18n characters" + rlLog "user-add state йč with i18n characters" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state='йč' u36 > $TmpDir/pki-user-add-ocsp-001_65.out 2>&1" \ + 0 \ + "Adding state 'йč' with i18n characters" + rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-user-add-ocsp-001_65.out" + rlAssertGrep "State: йč" "$TmpDir/pki-user-add-ocsp-001_65.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u36 > $TmpDir/pki-user-add-ocsp-001_65_2.out" \ + 0 \ + "Show user u36 with state йč in i18n characters" + rlAssertGrep "User \"u36\"" "$TmpDir/pki-user-add-ocsp-001_65_2.out" + rlAssertGrep "State: йč" "$TmpDir/pki-user-add-ocsp-001_65_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-066: Should not be able to add user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ -c Password \ - user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-ocsp-agentUTOCSP-002.out 2>&1" \ - 1 \ - "Cannot add user $user1 using a untrusted cert" - rlAssertGrep "RuntimeException: java.net.SocketException: Object not found: org.mozilla.jss.crypto.ObjectNotFoundException" "$TmpDir/pki-user-add-ocsp-agentUTOCSP-002.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user u39" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-ocsp-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-067: Should not be able to add user using Normal user credential" + local pki_user="idm1_user_1" + local pki_user_fullName="Idm1 User 1" + local pki_pwd="Secret123" + rlLog "Create user $pki_user" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add $pki_user \ + --fullName \"$pki_user_fullName\" \ + --password $pki_pwd" 0 "Create $pki_user User" + local TEMP_NSS_DB="$TmpDir/nssdb" + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + -t ocsp \ + user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + -t ocsp \ + user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authentication method not allowed." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-OCSP-068: Should not be able to add user using invalid user credential" + local invalid_pki_user=test1 + local invalid_pki_user_pwd=Secret123 + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $invalid_pki_user \ + -w $invalid_pki_user_pwd \ + -t ocsp \ + user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $invalid_pki_user \ + -w $invalid_pki_user_pwd \ + -t ocsp \ + user-add --fullName=test_user u39" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users" + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 37 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del '$usr' > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + actual_delete_user_string=`cat $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out | grep 'Deleted user' | xargs echo` + expected_delete_user_string="Deleted user $usr" + if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then + rlPass "Deleted user \"$usr\" found in $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + else + rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + fi + let j=$j+1 + done + #Deleting user idm_user_1 + local pki_user="idm1_user_1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del $pki_user > $TmpDir/pki-user-del-user-ocsp-2_1.out" \ + 0 \ + "Deleted user $pki_user" + rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-user-del-user-ocsp-2_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd + else + rlLog "OCSP instance not created." + fi } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh new file mode 100755 index 000000000..01fc84417 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-add-ocsp.sh @@ -0,0 +1,2405 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-add-ocsp Add certs to users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-add-ocsp.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-add-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + +if [ "$ocsp_instance_created" = "TRUE" ] ; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +local cert_info="$TmpDir/cert_info" +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +ROOTCA_agent_user=${caId}_agentV + + ##### Tests to add certs to OCSP users #### + + ##### Add one cert to a user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-002: Add one cert to a user should succeed" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user2fullname\" $user2" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_002crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_002crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $user2" + rlPhaseEnd + +##### Add multiple certs to a user ##### + + rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-003: Add multiple certs to a user should succeed" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" \ + 0 \ + "PKCS10 Cert is added to the user $user1" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003pkcs10$i.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + ocsp-user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out 2>&1" \ + 0 \ + "CRMF Cert is added to the user $user1" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_003crmf$i.out" + + let i=$i+1 + done + rlPhaseEnd + + ##### Add expired cert to a user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-004: Adding expired cert to a user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user2fullname\" $user2" + local validityperiod="1 day" + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + local cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_expiredcert_004pkcs10.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_expiredcert_004pkcs10.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_004crmf.out > $TmpDir/pki_ocsp_user_cert_add_expiredcert_004crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_expiredcert_004crmf.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + +rlPhaseEnd + +#### Add a revoked cert to a user ### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-005: Add revoked cert to a user should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_ocsp_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_005crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_005crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_ocsp_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_005crmf.out" + +rlPhaseEnd + + ##### Add one cert to a user - User ID missing ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-006-tier1: Add one cert to a user should fail when USER ID is missing" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_006pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_006crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_006crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_006pkcs10.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_006crmf.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" +rlPhaseEnd + + ##### Add one cert to a user - --input parameter missing ##### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-007-tier1: Add one cert to a user should fail when --input parameter is missing" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New User1\" u1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $user2" + errmsg="Error: Missing input file or serial number." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u1" +rlPhaseEnd + +##### Add one cert to a user - argument for --input parameter missing ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-008: Add one cert to a user should fail when argument for the --input param is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input" + errmsg="Error: Missing argument for option: input" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing" +rlPhaseEnd + + ##### Add one cert to a user - Invalid cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-009: Add one cert to a user should fail when the cert is invalid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_009crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem" + + rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_009pkcs10.pem" + errmsg="PKIException: Certificate exception" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" + + rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_009crmf.pem" + errmsg="PKIException: Certificate exception" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" +rlPhaseEnd + + ##### Add one cert to a user - Input file does not exist ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0010: Add one cert to a user should fail when Input file does not exist " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $user2 --input $TmpDir/tempfile.pem" + errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist" +rlPhaseEnd + + ##### Add one cert to a user - i18n characters in the Subject name of the cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0011crmf.out" +rlPhaseEnd + +##### Add one cert to a user - User type 'Auditors' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0012: Add cert to a user of type 'Auditors'" + local userid="Auditor_user" + local userFullname="Auditor User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=Auditors $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0012crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Certificate Manager Agents' ##### +rlPhaseStartTest "pki_user_cli_ocsp_user_cert-add-ocsp-0013: Add cert to a user of type 'Certificate Manager Agents'" + local userid="Certificate_Manager_Agents" + local userFullname="Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0013crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Registration Manager Agents' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0014: Add cert to a user of type 'Registration Manager Agents'" + local userid="Registration_Manager_Agent_user" + local userFullname="Registration Manager Agent User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0014crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Subsystem Group' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'" + local userid="Subsystem_group_user" + local userFullname="Subsystem Group User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out 2>&1" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0015crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Security Domain Administrators' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0016: Add cert to a user of type 'Security Domain Administrators'" + local userid="Security_Domain_Administrators_user" + local userFullname="Security Domain Administrators User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0016crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'ClonedSubsystems' ##### +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'" + local userid="ClonedSubsystems_user" + local userFullname="ClonedSubsystems User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0017crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Trusted Managers' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0018: Add cert to a user of type 'Trusted Managers'" + local userid="Trusted_Managers_user" + local userFullname="Trusted Managers User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0018crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +##### Usability Tests ##### + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user ##### + +rlPhaseStartTest "pki_ocsp_user_cli_ocsp_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add Administrators admin_user > $TmpDir/pki-ocsp-user-add-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add Administrators admin_user1 > $TmpDir/pki-ocsp-user-add-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019pkcs10.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_ocsp_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_ocsp_user_cert_add_useradd_0019.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0019crmf.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_ocsp_user_cert_add_validcert_0019crmf.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_ocsp_user_cert_add_useradd_0019crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del Administrators admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del Administrators admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del admin_user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del new_test_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del new_test_user2" +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid agent user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-OCSP-0020: Adding a cert as a OCSP agent user should fail" + local userid="new_user1" + local userFullname="New User1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0021pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0021crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0021pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid OCSP agent user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0021crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid OCSP agent user" + +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid auditor user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0021: Adding a cert as valid OCSP auditor user should fail" + local userid="new_user2" + local userFullname="New User2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0022pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0022crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0022pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a OCSP auditor user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0022crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as " +rlPhaseEnd + +##### Add one cert to a user - authenticating as an admin user with expired cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0022: Adding a cert as OCSP_adminE should fail" + local userid="new_user3" + local userFullname="New User3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0023pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0023crmf.pem" + + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0023pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0023crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" +rlPhaseEnd + +##### Adding a cert as an admin user with revoked cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0023: Adding a cert as an admin user with revoked cert should fail" + local userid="new_user4" + local userFullname="New User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0024pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0024crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0024pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0024crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +##### Adding a cert as an agent user with revoked cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0024: Adding a cert as an agent user with revoked cert should fail" + local userid="new_user5" + local userFullname="New User5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0025pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0025crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0025pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0025crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + + ##### Adding a cert as an agent user with expired cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0025: Adding a cert as agent user with expired cert should fail" + local userid="new_user6" + local userFullname="New User6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0026pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0026crmf.pem" + + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0026pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0026crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" +rlPhaseEnd + +##### Adding a cert as role_user_UTCA ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0026: Adding a cert as role_user_UTCA should fail" + local userid="new_user7" + local userFullname="New User7" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + ocsp-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $OCSP_HOST -p $OCSP_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0027pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $OCSP_HOST -p $OCSP_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0027crmf.pem" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0027pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_adminUTCA" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0027crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_adminUTCA" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +##### Adding a cert as OCSP_agentUTCA ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0027: Adding a cert as OCSP_agentUTCA should fail" + local userid="new_user9" + local userFullname="New User9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + ocsp-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0028pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0028crmf.pem" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0028pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_agentUTCA" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0028crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user OCSP_agentUTCA" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +##### Adding a cert as an OCSP_operatorV ##### + +rlPhaseStartTest "pki_user_cli_user_cert-OCSP-add-0028: Adding a cert as OCSP_operatorV should fail" + local userid="new_user8" + local userFullname="New User8" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0029pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0029crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0029pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_operatorV" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0029crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as OCSP_operatorV" + +rlPhaseEnd + + ##### Adding a cert as a user not associated with any group##### + +rlPhaseStartTest "pki_user_cli_user_cert-OCSP-add-0029: Adding a cert as user not associated with an group, should fail" + local userid="new_user10" + local userFullname="New User10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0030pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0030crmf.pem" + + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0030pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" + + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --input $TmpDir/pki_ocsp_user_cert_add_validcert_0030crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +##### Add one cert to a user - switching position of options ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0030: Add one cert to a user - switching position of options should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add --input $TmpDir/pki_ocsp_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0031crmf.out" + +rlPhaseEnd + +#### Add a cert to a user using --serial option with hexadecimal value" #### +rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with --serial option hex" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_pkcs10_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0032crmf.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +#### Add a cert to a user using --serial option with decimal value" #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0032: Add one cert to a user with --serial option decimal" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_add_useraddcert_0033crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +#### Add one cert to a user with both --serial and --input options #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0033: Add one cert to a user with --serial and --input options should fail" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034pkcs10.pem" + errmsg="Error: Conflicting options: --input and --serial." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_ocsp_user_cert_add_validcert_0034crmf.pem" + errmsg="Error: Conflicting options: --input and --serial." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" + rlPhaseEnd + +#### --serial option with negative number #### + +rlPhaseStartTest "pki_user_cli_ocsp_user_cert-add-0034: Add one cert to a user with negative serial should fail" + local userid="testuser4" + local username="Test User4" + local dectohex="0x"$(echo "obase=16;-100"|bc) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --serial=-100" + errmsg="CertNotFoundException: Certificate ID $dectohex not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" +rlPhaseEnd + +#### Missing argument for --serial option #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0035: Add one cert to a user with missing argument for --serial" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --serial" + errmsg="Error: Missing argument for option: serial" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" +rlPhaseEnd + +#### --serial option with argument with characters #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-ocsp-0036: Add one cert to a user with character passed as argument to --serial" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-add $userid --serial='abc'" + errmsg="NumberFormatException: For input string: \"abc\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial " + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $userid" +rlPhaseEnd +#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification" +# local userid="new_adminV" +# local username="NEW CA Admin User" +# cat /etc/redhat-release | grep "Fedora" +# if [ $? -eq 0 ] ; then +# FLAVOR="Fedora" +# rlLog "Automation is running against Fedora" +# else +# FLAVOR="RHEL" +# rlLog "Automation is running against RHEL" +# fi +# rhcs_install_set_ldap_vars +# rlRun "mkdir $NEWCA_CLIENT_DIR" +# rlRun "mkdir $NEWCA_CERTDB_DIR" +# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME" +# rlRun "sleep 10" +# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG +# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG +# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS" +# rlRun "sleep 10" +# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA" +# +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \ +# 0 \ +# "Add user $userid to Administrators group" +# +# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ +# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ +# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ +# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ +# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" +# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) +# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) +# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" +# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem" + +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \ +# 0 \ +# "Added cert to user $userid" + +# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" +# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" + +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" + +# rlRun "systemctl restart pki-tomcatd@pki-new.service" +# rlRun "sleep 10" +# rlRun "systemctl restart pki-tomcatd@pki-master.service" +# rlRun "sleep 10" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n $userid \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA" + +# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\"" + +# rlRun "pkidestroy -s CA -i pki-new" +# rlRun "sleep 10" +# rlRun "remove-ds.pl -f -i slapd-pki-newca" +# rlRun "sleep 10" +# rlRun "rm -rf $NEWCA_CLIENT_DIR" +# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171" +#rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 11 ] ; do + eval usr="new_user$j" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-new-user-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-new-user-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "OCSP instance not installed" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh new file mode 100755 index 000000000..c02f683d2 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-delete-ocsp.sh @@ -0,0 +1,881 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-delete CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-delete-ocsp Delete the certs assigned to users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-delete-ocsp.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-delete-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + +if [ "$ocsp_instance_created" = "TRUE" ] ; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +cert_info="$TmpDir/cert_info" +testname="pki_user_cert_del" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) + ##### Tests to delete certs assigned to OCSP users #### + + ##### Delete certs asigned to a user - valid Cert ID and User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-002-tier1: Delete cert assigned to a user - valid UserID and CertID" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_002pkcs10.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_002pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_002crmf.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_002crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $user1" + rlPhaseEnd + + ##### Delete certs asigned to a user - invalid Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-003: pki user-cert-del should fail if an invalid Cert ID is provided" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided" + + rlPhaseEnd + + ##### Delete certs asigned to a user - User does not exist ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-004: pki user-cert-del should fail if a non-existing User ID is provided" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: User not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: User not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - User ID and Cert ID mismatch ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-005: pki user-cert-del should fail is there is a mismatch of User ID and Cert ID" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user2fullname\" $user2" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: Certificate not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: Certificate not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch" + rlPhaseEnd + + ##### Delete certs asigned to a user - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-006-tier1: pki user-cert-del should fail if User ID is not provided" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-007-tier1: pki user-cert-del should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Cert ID is not provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_agentV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-008: Delete certs assigned to a user - as OCSP_agentV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-user-cert-del should fail if authenticating using a valid agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid agent cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_auditorV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-009: Delete certs assigned to a user - as OCSP_auditorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_adminE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0010: Delete certs assigned to a user - as OCSP_adminE" + i=1 + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_agentE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0011: Delete certs assigned to a user - as OCSP_agentE" + i=1 + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_adminR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0012: Delete certs assigned to a user - as OCSP_adminR should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_agentR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0013: Delete certs assigned to a user - as OCSP_agentR should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Delete certs asigned to a user - as role_user_UTCA ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0014: Delete certs assigned to a user - as role_user_UTCA should fail" + i=1 + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as OCSP_operatorV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-OCSP-0015: Delete certs assigned to a user - as OCSP_operatorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as a user not assigned to any role ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0016: Delete certs assigned to a user - as a user not assigned to any role should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - switch positions of the required options ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0017: Delete certs assigned to a user - switch positions of the required options" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/969" + rlPhaseEnd + + ### Tests to delete certs assigned to OCSP users - i18n characters #### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0019: Delete certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0019crmf.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_pkcs10_0019.out" \ + 0 \ + "Cert is added to the user $user2" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_crmf_0019.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0019pkcs10.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0019pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0019crmf.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0019crmf.out" + rlPhaseEnd + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-ocsp-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add Administrators admin_user > $TmpDir/pki-user-add-ocsp-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-ocsp-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add admin_user --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_0020pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_ocsp_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_ocsp_user_cert_del_useradd_0020.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0020pkcs10.out" \ + 0 \ + "Delete cert assigned to admin_user" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0020pkcs10.out" + + command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-add --fullName='New Test User6' new_test_user6" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add admin_user1 --input $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_ocsp_user_cert_del_useraddcert_0020crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user1" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_ocsp_user_cert_del_validcert_0020crmf.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user1" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_ocsp_user_cert_del_useradd_0020crmf.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_del_0020crmf.out" \ + 0 \ + "Delete cert assigned to admin_user1" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_del_0020crmf.out" + + command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-add --fullName='New Test User6' new_test_user6" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del Administrators admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del Administrators admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del admin_user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del new_test_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del new_test_user2" + rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "OCSP instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh new file mode 100755 index 000000000..68957e67f --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-find-ocsp.sh @@ -0,0 +1,1127 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-find-ocsp Finding the certs assigned to users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-user-cli-ocsp-user-cert-find.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-find-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + +if [ "$ocsp_instance_created" = "TRUE" ] ; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +cert_info="$TmpDir/cert_info" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME +ROOTCA_agent_user=${caId}_agentV +admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) + ##### Find certs assigned to a OCSP user - with userid argument - this user has only a single page of certs #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-002: Find the certs of a user in OCSP --userid only - single page of certs" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 2 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_002crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 > $TmpDir/pki_ocsp_user_cert_find_002.out" \ + 0 \ + "Finding certs assigned to $user1" + let numcertsuser1=($i*2) + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_002.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_002.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_002.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with userid argument - this user has multiple pages of certs #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-003: Find the certs of a user in OCSP --userid only - multiple pages of certs" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user2fullname\" $user2" + while [ $i -lt 12 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_003pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfuser2[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_003crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \ + 0 \ + "Cert is added to the user $user2" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \ + 0 \ + "Cert is added to the user $user2" + let i=$i+1 + done + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 > $TmpDir/pki_ocsp_user_cert_find_003.out" \ + 0 \ + "Finding certs assigned to $user2" + let numcertsuser2=($i*2) + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_003.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_003.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_003.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_user_cert_find_003.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with userid argument - user id does not exist #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-004: Find the certs of a user in OCSP --userid only - user does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find tuser" + errmsg="UserNotFoundException: User tuser not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with userid argument - no certs added to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-005: Find the certs of a user in OCSP --userid only - no certs added to the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user3fullname\" $user3" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user3" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user3 > $TmpDir/pki_ocsp_user_cert_find_005.out" \ + 0 \ + "Finding certs assigned to $user3" + rlAssertGrep "0 entries matched" "$TmpDir/pki_ocsp_user_cert_find_005.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size option having an argument that is less than the actual number of certs assigned to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-006: Find the certs of a user in OCSP --size - a number less than the actual number of certs" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --size=2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --size=2 > $TmpDir/pki_ocsp_user_cert_find_006.out" \ + 0 \ + "Finding certs assigned to $user1" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_006.out" + i=0 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_006.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_006.out" + + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_ocsp_user_cert_find_006.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=0 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-007: Find the certs of a user in OCSP --size=0" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --size=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --size=0 > $TmpDir/pki_ocsp_user_cert_find_007.out" \ + 0 \ + "Finding certs assigned to $user1" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_007.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_user_cert_find_007.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=-1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-008: Find the certs of a user in OCSP --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user1 --size=-1" + errmsg="The value for size shold be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size option having an argument that is greater than the actual number of certs assigned to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-009: Find the certs of a user in OCSP --size - a number greater than number of certs assigned to the user" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --size=50" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --size=50 > $TmpDir/pki_ocsp_user_cert_find_009.out" \ + 0 \ + "Finding certs assigned to $user1 --size=50" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_009.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_009.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_009.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start option having an argument that is less than the actual number of certs assigned to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-010: Find the certs of a user in OCSP --start - a number less than the actual number of certs" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $ruser1 --start=2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=2 > $TmpDir/pki_ocsp_user_cert_find_0010.out" \ + 0 \ + "Finding certs assigned to $user1" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + let newnumcerts=$numcertsuser1-2 + i=1 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0010.out" + + rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_ocsp_user_cert_find_0010.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=0 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-011: Find the certs of a user in OCSP --start=0" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=0 > $TmpDir/pki_ocsp_user_cert_find_0011.out" \ + 0 \ + "Finding certs assigned to $user1 --start=0" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0011.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=0, the user has multiple pages of certs #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-012: Find the certs of a user in OCSP --start=0 - multiple pages" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=0 > $TmpDir/pki_ocsp_user_cert_find_0012.out" \ + 0 \ + "Finding certs assigned to $user2 --start=0" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0012.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_user_cert_find_0012.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=-1 #### + +rlPhaseStartTest "pki_user_cli_ocsp_user_cert-find-ocsp-013: Find the certs of a user in OCSP --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user1 --start=-1" + errmsg="The value for size shold be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=50 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-014: Find the certs of a user in OCSP --start=50" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=50" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=50 > $TmpDir/pki_ocsp_user_cert_find_0014.out" \ + 0 \ + "Finding certs assigned to $user1 --start=50" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0014.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_user_cert_find_0014.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=0 and size=0 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-015: Find the certs of a user in OCSP --start=0 and size=0" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=0 --size=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_ocsp_user_cert_find_0015.out" \ + 0 \ + "Finding certs assigned to $user1 --start=0" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0015.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_ocsp_user_cert_find_0015.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=1 and --start=1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-016: Find the certs of a user in OCSP --start=1 --size=1" + newuserid=newuser + newuserfullname="New User" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$newuserfullname\" $newuserid" + while [ $i -lt 2 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0016pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber + serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0016crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \ + 0 \ + "Cert is added to the user $newuserid" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $newuserid --input $TmpDir/pki_ocsp_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \ + 0 \ + "Cert is added to the user $newuserid" + let i=$i+1 + done + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $newuserid" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $newuserid > $TmpDir/pki_ocsp_user_cert_find_0016.out" \ + 0 \ + "Finding certs assigned to $newuserid" + let numcertsuser1=($i*2) + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0016.out" + + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $newuserid" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=-1 and size=-1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-017: Find the certs of a user in OCSP --start=-1 and size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user1 --start=-1 --size=-1" + errmsg="The value for size and start should be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=20 and size=20 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-018: Find the certs of a user in OCSP --start --size equal to page size - default page size=20 entries" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=20 --size=20" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_ocsp_user_cert_find_0018.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + i=10 + while [ $i -lt 12 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0018.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_ocsp_user_cert_find_0018.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start=0 and --size has an argument greater that default page size (20 certs) #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-019: Find the certs of a user in OCSP --start=0 --size greater than default page size - default page size=20 entries" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=0 --size=20" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_ocsp_user_cert_find_0019.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0019.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_ocsp_user_cert_find_0019.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --size=1 and --start has a value greater than the default page size #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-020: Find the certs of a user in OCSP --start - values greater than default page size --size=1" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=22 --size=1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_ocsp_user_cert_find_0020.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0020.out" + i=11 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0020.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0020.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0020.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0020.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0020.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_ocsp_user_cert_find_0020.out" +rlPhaseEnd + +##### Find certs assigned to a OCSP user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-021: Find the certs of a user in OCSP --start - values greater than default page size --size - value greater than the available number of certs from the start value" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=22 --size=10" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_ocsp_user_cert_find_0021.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + i=11 + while [ $i -lt 12 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0021.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Tests to find certs assigned to OCSP users - i18n characters #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-022: Find certs assigned to user - Subject Name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0022pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_ocsp_user_cert_find_validcert_0022crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \ + 0 \ + "Cert is added to the user $user1" + let numcertsuser1=$numcertsuser1+2 + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-find $user1 > $TmpDir/pki_ocsp_user_cert_find_0022.out" \ + 0 \ + "Finding certs assigned to $user1" + + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_ocsp_user_cert_find_0022.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_ocsp_user_cert_find_0022.out" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a valid agent user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-023: Find the certs of a user as OCSP_agentV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a valid auditor user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-024: Find the certs of a user as OCSP_auditorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a admin user with expired cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-025: Find the certs of a user as OCSP_adminE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as an admin user with revoked cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-026: Find the certs of a user as OCSP_adminR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as an agent user with revoked cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-027: Find the certs of a user as OCSP_agentR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as an agent user with expired cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-028: Find the certs of a user as OCSP_agentE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a user whose OCSP cert has not been trusted ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-029: Find the certs of a user as role_user_UTCA should fail" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a valid operator user ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-030: Find the certs of a user as operatorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - authenticating as a user not associated with any role ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-031: Find the certs of a user as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - userid is missing ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-032: Find the certs of a user - userid missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-user-cert-find should fail without User ID" +rlPhaseEnd + +#### Find certs assigned to a OCSP user - user id missing with --start and --size options ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-ocsp-033: Find the certs of a user - userid missing with --start and --size options" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-find --start=1 --size=1" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID" +rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 4 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "OCSP instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh new file mode 100755 index 000000000..9305388e7 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-cert-show-ocsp.sh @@ -0,0 +1,1119 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-show-ocsp Show the certs assigned to users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-show-ocsp.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-show-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + +if [ "$ocsp_instance_created" = "TRUE" ] ; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +local cert_info="$TmpDir/cert_info" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + + ##### Tests to find certs assigned to OCSP users #### + + ##### Show certs asigned to a user - valid Cert ID and User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-002: Show certs assigned to a user - valid UserID and CertID" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user2fullname\" $user2" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_002crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_002crmf.pem" + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_002.out" \ + 0 \ + "Cert is added to the user $user2" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" \ + 0 \ + "Show cert assigned to $user2" + + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/pki_ocsp_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_002crmf.out" \ + 0 \ + "Cert is added to the user $user2" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" \ + 0 \ + "Show cert assigned to $user2" + + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_002crmf.out" + + rlPhaseEnd + ##### Show certs asigned to a user - invalid Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-003: pki user-cert-show should fail if an invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" + + rlPhaseEnd + + ##### Show certs asigned to a user - non-existing User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-004: pki user-cert-show should fail if a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="UserNotFoundException: User testuser4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="UserNotFoundException: User testuser4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided" + + rlPhaseEnd + + ##### Show certs asigned to a user - User ID and Cert ID mismatch ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-005: pki user-cert-show should fail is there is a mismatch of User ID and Cert ID" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user1" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user1" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch" + rlPhaseEnd + + ##### Show certs asigned to a user - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-006-tier1: pki user-cert-show should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-007-tier1: pki user-cert-show should fail if Cert ID is not provided" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"New User1\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show u16" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u16" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - --encoded option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded option" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out" + + rlLog "$(cat $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')" + rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded option" + + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out" + + rlLog "$(cat $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')" + rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlPhaseEnd + + ##### Show certs asigned to a user with --encoded option - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-009: pki user-cert-show with --encoded option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --encoded option - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 --encoded" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - --output <file> option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --output option" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out" + rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --output option" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out" + rlRun "openssl x509 -in $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0011crmf.out" + + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0013: pki user-cert-show with --output option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 --output $TmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - Directory does not exist ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0014: pki user-cert-show with --output option should fail if directory does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="FileNotFoundException: /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out" + errmsg="FileNotFoundException: /tmp/tmpDir/pki_ocsp_user_cert_show_usercertshow_crmf_output.out (No such file or directory)" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist" + + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - Missing argument for --output option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0015: pki user-cert-show with --output option should fail if argument for --option is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + errmsg="Error: Missing argument for option: output" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + errmsg="Error: Missing argument for option: output" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing" + + rlPhaseEnd + + ##### Show certs asigned to a user - --pretty option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty option" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty option" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0016crmf.out" + rlPhaseEnd + + ##### Show certs asigned to a user with --pretty option - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0017: pki user-cert-show with --pretty option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --pretty option - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 --pretty" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - --pretty, --encoded and --output options ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file" + newuserid=newuser + newuserfullname="New User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$newuserfullname\" $newuserid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2) + local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2) + local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0019crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_pkcs10_output0019" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_pkcs10_output0019 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0019" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0019" + rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_crmf_output0019" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/ocsp_user_cert_show_crmf_output0019 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Validity" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Extensions" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Signature" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0019" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0019" + rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $newuserid" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP_agentV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0020: Show certs assigned to a user - as OCSP_agentV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP_auditorV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0021: Show certs assigned to a user - as OCSP_auditorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP_adminE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0022: Show certs assigned to a user - as OCSP_adminE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP_agentE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0023: Show certs assigned to a user - as OCSP_agentE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP_adminR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0024: Show certs assigned to a user - as OCSP_adminR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP_agentR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0025: Show certs assigned to a user - as OCSP_agentR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Show certs asigned to a user - as role_user_UTCA ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0026: Show certs assigned to a user - as role_user_UTCA should fail" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert" + rlPhaseEnd + + ##### Show certs asigned to a user - as OCSP operator user ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0027: Show certs assigned to a user - as OCSP operator user should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user" + rlPhaseEnd + + ##### Show certs asigned to a user - --encoded and --output options ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_pkcs10_output0028" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_pkcs10_output0028 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_pkcs10_output0028" + rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_crmf_output0028" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/ocsp_user_cert_show_crmf_output0028 > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/ocsp_user_cert_show_crmf_output0028" + rlRun "openssl x509 -in $TmpDir/ocsp_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlPhaseEnd + + ##### Show certs asigned to a user - as a user not associated with any role##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0029: Show certs assigned to a user - as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role" + + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Show certs asigned to a user - switch position of the required options##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0030: Show certs assigned to a user - switch position of the required options" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" + errmsg="User Not Found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/968" + rlPhaseEnd + + ##### Show certs asigned to a user - incomplete Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-0031: pki user-cert-show should fail if an incomplete Cert ID is provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided" + rlPhaseEnd + + ### Tests to show certs assigned to OCSP users - i18n characters #### + + rlPhaseStartTest "pki_user_cli_user_cert-show-ocsp-032: Show certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0032pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_ocsp_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_ocsp_user_cert_show_validcert_0032crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_0032.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_0032.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-add $user1 --input $TmpDir/pki_ocsp_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_ocsp_user_cert_show_useraddcert_crmf_0032.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_ocsp_user_cert_show_usershowcert_crmf_0032.out" + + rlPhaseEnd + + #===Deleting users===# +rlPhaseStartCleanup "pki_ocsp_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "OCSP instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh index cfd6e90c1..6c29b0e22 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-del-ocsp.sh @@ -3,17 +3,17 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli -# Description: PKI user-add CLI tests +# Description: PKI user-del CLI tests # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The following pki cli commands needs to be tested: -# pki-user-cli-user-add Add users to pki subsystems. +# pki-user-cli-user-del Delete pki subsystem OCSP users. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Author: Asha Akkiangady <aakkiang@redhat.com> # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. # # This copyrighted material is made available to anyone wishing # to use, modify, copy, or redistribute it subject to the terms @@ -37,57 +37,694 @@ . /opt/rhqa_pki/rhcs-shared.sh . /opt/rhqa_pki/pki-cert-cli-lib.sh . /opt/rhqa_pki/env.sh - - -######################################################################## -# Test Suite Globals +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-del.sh ######################################################################## run_pki-user-cli-user-del-ocsp_tests(){ - rlPhaseStartSetup "pki_user_cli_user_add-ocsp-startup:Getting nss certificate db " - rlLog "Certificate directory = $CERTDB_DIR" + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + if [ "$ocsp_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_user_cli_user_del-OCSP-ocsp-configtest-001: pki user-del --help configuration test" + rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help" + rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out" rlPhaseEnd - rlPhaseStartCleanup "pki_user_cli_user_add-cleanup: Delete temp dir" - del_user=($OCSP_adminV_user $OCSP_adminR_user $OCSP_adminE_user $OCSP_adminUTOCSP_user $OCSP_agentV_user $OCSP_agentR_user $OCSP_agentE_user $OCSP_agentUTOCSP_user $OCSP_auditV_user $OCSP_operatorV_user) + rlPhaseStartTest "pki_user_cli_user_del-OCSP-ocsp-configtest-002: pki user-del configuration test" + rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del" + rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out" + rlPhaseEnd - #===Deleting users created using OCSP_adminV cert===# + rlPhaseStartTest "pki_user_cli_user_del-OCSP-003: Delete valid users" + user1=ca_agent2 + user1fullname="Test ca_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + #positive test cases + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user u$i" + let i=$i+1 + done + + #===Deleting users created using ${prefix}_adminV cert===# i=1 while [ $i -lt 25 ] ; do rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user1-00$i.out" \ 0 \ "Deleted user u$i" - rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user1-00$i.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u$i" + errmsg="UserNotFoundException: User u$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let i=$i+1 + done + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval usr=\$user$i + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user $usr" let i=$i+1 done - #===Deleting users(symbols) created using OCSP_adminV cert===# + + #===Deleting users(symbols) created using ${prefix}_adminV cert===# j=1 while [ $j -lt 8 ] ; do eval usr=\$user$j rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ - 0 \ - "Deleted user $usr" - rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user2-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user2-00$j.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show $usr" + errmsg="UserNotFoundException: User $usr not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" let j=$j+1 done - i=0 - while [ $i -lt ${#del_user[@]} ] ; do - userid_del=${del_user[$i]} - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-004: Case sensitive userid" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user user_abc" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - user-del $userid_del > $TmpDir/pki-user-del-ocsp-00$i.out" \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del USER_ABC > $TmpDir/pki-user-del-ocsp-user-002_1.out" \ 0 \ - "Deleted user $userid_del" - rlAssertGrep "Deleted user \"$userid_del\"" "$TmpDir/pki-user-del-ocsp-00$i.out" - let i=$i+1 - done + "Deleted user USER_ABC userid is not case sensitive" + rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-ocsp-user-002_1.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show user_abc" + errmsg="UserNotFoundException: User user_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-005: Delete user when required option user id is missing" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del > $TmpDir/pki-user-del-ocsp-user-003_1.out 2>&1" \ + 255 \ + "Cannot delete a user without userid" + rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-ocsp-user-003_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-006: Maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-ocsp-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del \"$user2\" > $TmpDir/pki-user-del-ocsp-user-006.out" \ + 0 \ + "Deleting user with maximum user id length using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-user-del-ocsp-user-006.out | grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user \"$user2\" found" + else + rlFail "Deleted user \"$user2\" not found" + fi + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show \"$user2\"" + errmsg="UserNotFoundException: User \"$user2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-007: userid with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + userid=$userid$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test '$userid' > $TmpDir/pki-user-add-ocsp-001_8.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum userid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del '$userid' > $TmpDir/pki-user-del-ocsp-user-007.out" \ + 0 \ + "Deleting user with maximum user id length and character symbols using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-user-del-ocsp-user-007.out| grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $userid" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user $userid found" + else + rlFail "Deleted user $userid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show '$userid' > $TmpDir/pki-user-del-ocsp-user-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted user with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-user-del-ocsp-user-007_2.out| grep 'UserNotFoundException:' | xargs echo` + expected_error_string="UserNotFoundException: User $userid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "UserNotFoundException: User $userid not found message found" + else + rlFail "UserNotFoundException: User $userid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-008: delete user that has all attributes and a certificate" + user1="testuser1" + user1fullname="Test ocsp_agent" + email="ocsp_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + pem_file="$TmpDir/testuser1.pem" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + $user1 > $TmpDir/pki-user-add-ocsp-008.out" \ + 0 \ + "Add user $user1 to OCSP -- all options provided" + #Add certificate to the user + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \ + \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output" + rlLog "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-cert-add $user1 --input $pem_file" + rlRun "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \ + 0 \ + "Cert is added to the user $user1" + #Add user to Administrator's group + gid="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-008.out" \ + 0 \ + "Adding user $user1 to group \"$gid\"" + #Delete user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del $user1 > $TmpDir/pki-user-del-ocsp-user-008.out" \ + 0 \ + "Deleting user $user1 with all attributes and a certificate" + rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-ocsp-user-008.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show $user1" + errmsg="UserNotFoundException: User $user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-009: Delete user from CA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-ocsp-009.out" \ + 0 \ + "Add user u22 to CA" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u22 > $TmpDir/pki-user-del-ocsp-user-009.out" \ + 0 \ + "Deleting user u22 using -t ocsp option" + rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-ocsp-user-009.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u22" + errmsg="UserNotFoundException: User u22 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-010: Should not be able to delete user using a revoked cert OCSP_adminR" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-ocsp-010.out" \ + 0 \ + "Add user u23 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u23 > $TmpDir/pki-user-show-ocsp-001.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ocsp-001.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-001.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ocsp-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-011: Should not be able to delete user using a agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u23 > $TmpDir/pki-user-show-ocsp-002.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ocsp-002.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-002.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-ocsp-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + + #Cleanup:delete user u23 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u23 > $TmpDir/pki-user-del-ocsp-002_2.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-012: Should not be able to delete user using a valid agent OCSP_agentV user" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-user-add-ocsp-012.out" \ + 0 \ + "Add user u24 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-003.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-003.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-003.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-013: Should not be able to delete user using a admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-004.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-004.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-004.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-014: Should not be able to delete a user using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" + errmsg="ClientResponseFailure: Error status 401 Unauthorized returned" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-005.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-005.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-005.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-015: Should not be able to delete user using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-006.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-006.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-006.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-016: Should not be able to delete user using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-007.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-007.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-007.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n role_user_UTCA \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u24" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-008.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-008.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-008.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-018: Should not be able to delete user using a user cert" + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + #Create a user cert + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-del u24" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + cat $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-ocsp-pkiUser1-002.out" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-009.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-009.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-009.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-ocsp-009.out" + + #Cleanup:delete user u24 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u24 > $TmpDir/pki-user-del-ocsp-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-019: delete user name with i18n characters" + rlLog "user-add username ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-user-add-ocsp-001_19.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ocsp-001_19.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ocsp-001_19.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u19 > $TmpDir/pki-user-del-ocsp-001_19_3.out 2>&1" \ + 0 \ + "Delete user with name ÖrjanÄke i18n characters" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-ocsp-001_19_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u19" + errmsg="UserNotFoundException: User u19 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-OCSP-020: delete username with i18n characters" + rlLog "user-add username ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-user-add-ocsp-001_20.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-ocsp-001_20.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-ocsp-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u20 > $TmpDir/pki-user-del-ocsp-001_20_3.out 2>&1" \ + 0 \ + "Delete user with name ÉricTêko i18n characters" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ocsp-001_20_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u20" + errmsg="UserNotFoundException: User u20 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist" + rlPhaseEnd + rlPhaseStartCleanup "pki_user_cli_user_del-ocsp_cleanup: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd + else + rlLog "OCSP instance not installed" + fi } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh index d1db22d65..8517848b3 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-find-ocsp.sh @@ -3,17 +3,17 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli -# Description: PKI user-add CLI tests +# Description: PKI user-find CLI tests # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The following pki cli commands needs to be tested: -# pki-user-cli-user-add Add users to pki subsystems. +# pki-user-cli-user-find To list users in OCSP. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Author: Asha Akkiangady <aakkiang@redhat.com> # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. # # This copyrighted material is made available to anyone wishing # to use, modify, copy, or redistribute it subject to the terms @@ -35,178 +35,769 @@ . /usr/bin/rhts-environment.sh . /usr/share/beakerlib/beakerlib.sh . /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh . /opt/rhqa_pki/env.sh ######################################################################## -# Test Suite Globals -######################################################################## - -user1="ocsp_agent2" -user1fullname="Test ocsp_agent" - - +#create_role_users.sh should be first executed prior to pki-user-cli-user-find.sh ######################################################################## run_pki-user-cli-user-find-ocsp_tests(){ - rlPhaseStartSetup "pki_user_cli_user_find-startup: Getting nss certificate db" - admin_cert_nickname="PKI Administrator for $OCSP_DOMAIN" - CERTDB_DIR_PASSWORD="Password" - rlLog "Admin Certificate is located at: $OCSP_ADMIN_CERT_LOOCSPTION" + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" rlRun "pushd $TmpDir" - rlLog "Temp Directory = $TmpDir" - rlRun "mkdir $CERTDB_DIR" - rlLog "importP12File $OCSP_ADMIN_CERT_LOOCSPTION $OCSP_CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" - rlRun "importP12File $OCSP_ADMIN_CERT_LOOCSPTION $OCSP_CLIENT_PKCS12_PASSWORD $CERTDB_DIR $CERTDB_DIR_PASSWORD $admin_cert_nickname" 0 "Import Admin certificate to $CERTDB_DIR" - rlRun "install_and_trust_OCSP_cert $OCSP_SERVER_ROOT $CERTDB_DIR" - rlPhaseEnd + rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-OCSP-add: Add users to OCSP" + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + +if [ "$ocsp_instance_created" = "TRUE" ] ; then + user1=ocsp_agent2 + user1fullname="Test ocsp_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + + rlPhaseStartSetup "pki_user_cli_user_find-ocsp-startup-addusers: Add users" i=1 - while [ $i -le 5 ] ; do - rlLog "Adding user user1$i" - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-add --fullName=\"fullname1$i\" user1$i > $TmpDir/pki-user-find-ocsp-a00$i.out 2>&1" \ - 0 \ - "Add user user1$i to OCSP" - rlAssertGrep "Added user \"user1$i\"" "$TmpDir/pki-user-find-ocsp-a00$i.out" - rlAssertGrep "User ID: user1$i" "$TmpDir/pki-user-find-ocsp-a00$i.out" - rlAssertGrep "Full name: fullname1$i" "$TmpDir/pki-user-find-ocsp-a00$i.out" - let i=$i+1 - done - rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_user_find-ocsp-001: Find 5 users, --size=5" + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user u$i" + let i=$i+1 + done + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user $usr" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-configtest-001: pki user-find --help configuration test" + rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help" + rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out" + rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-configtest-002: pki user-find configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find" + rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-003: Find 5 users, --size=5" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size=5 > $TmpDir/pki-user-find-ocsp-001.out 2>&1" \ - 0 \ - "Found 5 users" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=5 > $TmpDir/pki-user-find-ocsp-001.out 2>&1" \ + 0 \ + "Found 5 users" rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-find-ocsp-001.out" rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_user_find-ocsp-002: Find non user, --size=0" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-004: Find non user, --size=0" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size=0 > $TmpDir/pki-user-find-ocsp-002.out 2>&1" \ - 0 \ - "Found no users" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=0 > $TmpDir/pki-user-find-ocsp-002.out 2>&1" \ + 0 \ + "Found no users" rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-002.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-003: Find all users, maximum possible value as input" - maximum_check=1000000 + rlPhaseStartTest "pki_user_cli_user_find-ocsp-005: Find all users, large value as input" + large_num=1000000 rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size=$maximum_check > $TmpDir/pki-user-find-ocsp-003.out 2>&1" \ - 0 \ - "All users" - rlAssertGrep "Number of entries returned " "$TmpDir/pki-user-find-ocsp-003.out" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$large_num > $TmpDir/pki-user-find-ocsp-003.out 2>&1" \ + 0 \ + "Find all users, large value as input" + result=`cat $TmpDir/pki-user-find-ocsp-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-004: Find users, check for negative input --size=-1" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-006: Find all users, --size with maximum possible value as input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:9} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size=-1 > $TmpDir/pki-user-find-ocsp-004.out 2>&1" \ - 0 \ - "No users returned as the size entered is negative value" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check > $TmpDir/pki-user-find-ocsp-003_2.out 2>&1" \ + 0 \ + "Find all users, maximum possible value as input" + result=`cat $TmpDir/pki-user-find-ocsp-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-007: Find all users, --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check > $TmpDir/pki-user-find-ocsp-003_3.out 2>&1" \ + 255 \ + "More than maximum possible value as input" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-ocsp-003_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-008: Find users, check for negative input --size=-1" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=-1 > $TmpDir/pki-user-find-ocsp-004.out 2>&1" \ + 0 \ + "No users returned as the size entered is negative value" rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-004.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-005: Find users for size input as noninteger, --size=abc" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-009: Find users for size input as noninteger, --size=abc" size_noninteger="abc" - rlLog "Executing: pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size=$size_noninteger > $TmpDir/pki-user-find-ocsp-005.out 2>&1" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size=$size_noninteger > $TmpDir/pki-user-find-ocsp-005.out 2>&1" \ - 1 \ - "Found 5 users" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$size_noninteger > $TmpDir/pki-user-find-ocsp-005.out 2>&1" \ + 255 \ + "No users returned" rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-ocsp-005.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-006: Find users, check for no input --size= " + rlPhaseStartTest "pki_user_cli_user_find-ocsp-010: Find users, check for no input --size=" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --size= > $TmpDir/pki-user-find-ocsp-006.out 2>&1" \ - 1 \ - "No users returned, as --size= " + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size= > $TmpDir/pki-user-find-ocsp-006.out 2>&1" \ + 255 \ + "No users returned, as --size= " rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-ocsp-006.out" rlPhaseEnd - - rlPhaseStartTest "pki_user_cli_user_find-ocsp-007: Find users, --start=10 " + rlPhaseStartTest "pki_user_cli_user_find-ocsp-011: Find users, --start=10" + #Find the 10th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find > $TmpDir/pki-user-find-ocsp-007_1.out 2>&1" \ + 0 \ + "Get all users in OCSP" + user_entry_10=`cat $TmpDir/pki-user-find-ocsp-007_1.out | grep "User ID" | head -11 | tail -1` + rlLog "10th entry=$user_entry_10" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --start=10 > $TmpDir/pki-user-find-ocsp-007.out 2>&1" \ - 0 \ - "Displays users from the 10th user and the next to the maximum 20 users, if available " - rlAssertGrep "Number of entries returned " "$TmpDir/pki-user-find-ocsp-007.out" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=10 > $TmpDir/pki-user-find-ocsp-007.out 2>&1" \ + 0 \ + "Displays users from the 10th user and the next to the maximum 20 users, if available " + #First user in the response should be the 10th user $user_entry_10 + user_entry_1=`cat $TmpDir/pki-user-find-ocsp-007.out | grep "User ID" | head -1` + rlLog "1th entry=$user_entry_1" + if [ "$user_entry_1" = "$user_entry_10" ]; then + rlPass "Displays users from the 10th user" + else + rlFail "Display did not start from the 10th user" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-ocsp-007.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-008: Find users, --start=10000, maximum possible input " + rlPhaseStartTest "pki_user_cli_user_find-ocsp-012: Find users, --start=10000, large possible input" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --start=10000 > $TmpDir/pki-user-find-ocsp-008.out 2>&1" \ - 0 \ - "No users" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=10000 > $TmpDir/pki-user-find-ocsp-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-008.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-009: Find users, --start=0" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-013: Find users, --start with maximum possible input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:9} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=$maximum_check" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --start=0 > $TmpDir/pki-user-find-ocsp-009.out 2>&1" \ - 0 \ - "Displays from the zeroth user, maximum possible are 20 users in a page" - rlAssertGrep "Number of entries returned" "$TmpDir/pki-user-find-ocsp-009.out" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=$maximum_check > $TmpDir/pki-user-find-ocsp-008_2.out 2>&1" \ + 0 \ + "Find users, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-008_2.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-0010: Find users, --start=-1" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-014: Find users, --start with more than maximum possible input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=$maximum_check" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --start=-1 > $TmpDir/pki-user-find-ocsp-0010.out 2>&1" \ - 0 \ - "Maximum possible 20 users are returned, starting from the zeroth user" - rlAssertGrep "Number of entries returned" "$TmpDir/pki-user-find-ocsp-0010.out" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=$maximum_check > $TmpDir/pki-user-find-ocsp-008_3.out 2>&1" \ + 255 \ + "Find users, --start with more than maximum possible input" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-ocsp-008_3.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_find-ocsp-0011: Find users for size input as noninteger, --start=abc" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-015: Find users, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=0 > $TmpDir/pki-user-find-ocsp-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-ocsp-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-016: Find users, --start=-1" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=-1 > $TmpDir/pki-user-find-ocsp-0010.out 2>&1" \ + 0 \ + "Maximum possible 20 users are returned, starting from the zeroth user" + rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-user-find-ocsp-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-017: Find users for size input as noninteger, --start=abc" size_noninteger="abc" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-find --start=$size_noninteger > $TmpDir/pki-user-find-ocsp-0011.out 2>&1" \ - 1 \ - "Incorrect input to find user" + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=$size_noninteger > $TmpDir/pki-user-find-ocsp-0011.out 2>&1" \ + 255 \ + "Incorrect input to find user" rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-ocsp-0011.out" rlPhaseEnd - rlPhaseStartTest "Cleanup: Delete the OCSP users" - i=1 - while [ $i -le 5 ] ; do - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - user-del user1$i" \ - 0 \ - "Delete user user1$i" + rlPhaseStartTest "pki_user_cli_user_find-ocsp-018: Find users, check for no input --start= " + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start= > $TmpDir/pki-user-find-ocsp-0012.out 2>&1" \ + 255 \ + "No users returned, as --start= " + rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-ocsp-0012.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-019: Find users, --size=12 --start=12" + #Find 12 users starting from 12th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find > $TmpDir/pki-user-find-ocsp-00_13_1.out 2>&1" \ + 0 \ + "Get all users in OCSP" + user_entry_12=`cat $TmpDir/pki-user-find-ocsp-00_13_1.out | grep "User ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=12 --size=12 > $TmpDir/pki-user-find-ocsp-0013.out 2>&1" \ + 0 \ + "Displays users from the 12th user and the next to the maximum 12 users" + #First user in the response should be the 12th user $user_entry_12 + user_entry_1=`cat $TmpDir/pki-user-find-ocsp-0013.out | grep "User ID" | head -1` + if [ "$user_entry_1" = "$user_entry_12" ]; then + rlPass "Displays users from the 12th user" + else + rlFail "Display did not start from the 12th user" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-find-ocsp-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-020: Find users, --size=0 --start=12" + #Find 12 users starting from 12th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find > $TmpDir/pki-user-find-ocsp-00_14_1.out 2>&1" \ + 0 \ + "Get all users in OCSP" + user_entry_12=`cat $TmpDir/pki-user-find-ocsp-00_14_1.out | grep "User ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=12 --size=0 > $TmpDir/pki-user-find-ocsp-0014.out 2>&1" \ + 0 \ + "Displays users from the 12th user and 0 users" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-ocsp-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-021: Should not be able to find user using a revoked cert OCSP_adminR" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-revoke-adminR-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a revoked admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-revoke-adminR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-022: Should not be able to find users using an agent with revoked cert OCSP_agentR" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-revoke-agentR-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a agent having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-revoke-agentR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-023: Should not be able to find users using a valid agent OCSP_agentV user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-agentV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a agent cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ocsp-agentV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-024: Should not be able to find users using orher subsystem role user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${caId}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${caId}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-caadminV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using other subsystem (CA) admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-caadminV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-025: Should not be able to find users using admin user with expired cert OCSP_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-adminE-002.out 2>&1" \ + 255 \ + "Should not be able to find users using an expired admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-adminE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-ocsp-adminE-002.out" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-026: Should not be able to find users using OCSP_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-agentE-002.out 2>&1" \ + 255 \ + "Should not be able to find users using an expired agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-agentE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-ocsp-agentE-002.out" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-027: Should not be able to find users using a OCSP_auditV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-auditV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a audit cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ocsp-auditV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-028: Should not be able to find users using a OCSP_operatorV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-operatorV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a operator cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-ocsp-operatorV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -t ocsp \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-ocsp-role_user_UTCA-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-role_user_UTCA-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-030: Should not be able to find user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -c Password \ + -t ocsp \ + user-find --start=1 --size=5" + echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password -t ocsp user-find --start=1 --size=5" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-ocsp-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-031: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-user-find-ocsp-001_31.out 2>&1" \ + 0 \ + "Adding fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check > $TmpDir/pki-user-show-ocsp-001_31_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-ocsp-001_31_2.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-ocsp-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-ocsp-032: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + rlLog "user-add user fullname ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-ocsp-001_32.out 2>&1" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-find --size=$maximum_check > $TmpDir/pki-user-show-ocsp-001_32_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-ocsp-001_32_2.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-ocsp-001_32_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users" + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 27 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out" let i=$i+1 done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd + else + rlLog "OCSP instance not installed" + fi } diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh new file mode 100755 index 000000000..9e59ccbac --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-add-ocsp.sh @@ -0,0 +1,840 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cli-user-membership-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-membership-add Add OCSP user membership. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/pki-key-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-ocsp.sh +###################################################################################### + +######################################################################## +run_pki-user-cli-user-membership-add-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + +if [ "$ocsp_instance_created" = "TRUE" ] ; then + #Local variables + groupid1="Online Certificate Status Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise OCSP Administrators" + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-002: pki user-membership configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \ + 0 \ + "pki user-membership" + rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-find Find user memberships" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-003: pki user-membership-add --help configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \ + 0 \ + "pki user-membership-add --help" + rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-004: pki user-membership-add configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-add" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out" + rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-005: Add users to available groups using valid admin user OCSP_adminV" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u$i > $TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-006: Add a user to all available groups using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show userall > $TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-show-ocsp-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-007: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show user1 > $TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-ocsp-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" \ + 0 \ + "Adding user userall to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add user1 \"Administrators\"" + rlLog "Executing: $command" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"$dummy_group\"" + rlLog "Executing: $command" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-009: Should be able to user-membership-add user name with i18n characters" + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÖrjanÄke' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName='ÖrjanÄke' u9" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlLog "Adding the user to the Adminstrators group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add u9 \"Administrators\"" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-ocsp-009_2.out" \ + 0 \ + "Adding user with fullname ÖrjanÄke to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-009_2.out" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-ocsp-009_2.out" + rlLog "Check if the user is added to the group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-find u9" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-009_3.out" \ + 0 \ + "Check user with fullname ÖrjanÄke added to group Administrators" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-009_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-010: Should be able to user-membership-add user to group id with i18n characters" + rlLog "user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u10 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-010_3.out" \ + 0 \ + "Check user ÉricTêko added to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-011: Should not be able to user-membership-add using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminR -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert OCSP_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-012: Should not be able to user-membership-add using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert OCSP_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-013: Should not be able to user-membership-add using admin user with expired cert OCSP_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${OCSP_INST}_adminE -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert OCSP_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-014: Should not be able to user-membership-add using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using OCSP_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-015: Should not be able to user-membership-add using OCSP_auditV cert" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using OCSP_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-016: Should not be able to user-membership-add using OCSP_operatorV cert" + command="pki -d $CERTDB_DIR -n ${OCSP_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using OCSP_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-017: Should not be able to user-membership-add using OCSP_admin_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-018: User associated with Administrators group only can create a new user" + local user2="testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-user-membership-add-user-add-ocsp-user2-018.out" \ + 0 \ + "Adding user $user2" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "$gid" + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding $user2 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user2 \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user2 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-$user2-00$i.out" \ + 0 \ + "Adding user to all groups except administrators group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user2-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user2-00$i.out" + fi + let i=$i+1 + done + rlLog "Check users group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find $user2 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out" \ + 0 \ + "Find user-membership to groups of $user2" + rlAssertGrep "7 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out" + rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlAssertNotGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out" + rlLog "$user2 is not added to $gid" + else + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-$user2-019.out" + fi + let i=$i+1 + done + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + local requestdn + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \ + \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $OCSP_INST" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${OCSP_INST}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user $user2" + #Trying to add a user using $user2 should fail since $user2 is not in Administrators group + local expfile="$TmpDir/expfile_$user2.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ocsp-$user2-002.out" 255 "Should not be able to add users using a non Administrator user" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-ocsp-$user2-002.out" + + #Add $user2 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-usertest2-019_2.out" \ + 0 \ + "Adding user $user2 to group \"$groupid4\"" + rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest2-019_2.out" + rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest2-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find $user2 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest1-019_3.out" \ + 0 \ + "Check user-membership to group \"$groupid4\"" + rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest1-019_3.out" + + #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n $user2 \ + -c $TEMP_NSS_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test_user u19 > $TmpDir/pki-user-add-ocsp-019_4.out" \ + 0 \ + "Added new user using Admin user $user2" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-ocsp-019_4.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-ocsp-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ocsp-019_4.out" + rlPhaseEnd + + #Usability test + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-019: User associated with Certificate Manager Agents group only can list CAs" + local user3="testuser3" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user3\" $user3 > $TmpDir/pki-user-membership-add-user-add-ocsp-user3-019.out" \ + 0 \ + "Adding user $user3" + i=2 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user3 \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user3 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-$user3-00$i.out" \ + 0 \ + "Adding user to all groups except Data Recovery Manager Agents group - now adding to \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user3-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-$user3-00$i.out" + let i=$i+1 + done + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + local requestdn + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User3\" \"$user3\" \ + \"$user3@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $OCSP_INST" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n $user3 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_020_1.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${OCSP_INST}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-cert-add $user3 --input $TmpDir/validcert_020_1.pem > $TmpDir/useraddcert_020_2.out" \ + 0 \ + "Cert is added to the user $user3" + + rlLog "Check $user3 is not in group Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find $user3 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_1.out" \ + 0 \ + "Check user-membership to group \"$groupid1\"" + rlAssertNotGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_1.out" + + #Trying to perform List CAs using $user3's cert should fail + local request_header_out="$TmpDir/request_header_out" + rlRun "export SSL_DIR=$TmpDir" + command="curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\"" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Trying to perform List CAs using $user3's cert should fail" + + #Add user $user3 to Certificate Manager Agents group + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-usertest3-020_3.out" \ + 0 \ + "Adding user $user3 to group \"$groupid1\"" + rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest3-020_3.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-ocsp-usertest3-020_3.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find $user3 > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_4.out" \ + 0 \ + "Check user-membership to group \"$groupid1\"" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-usertest3-020_4.out" + + #Trying to perform List CAs using $user3's cert should succeed + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertGrep "HTTP/1.1 200 OK" "$request_header_out" + rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-OCSP-020: Should not be able to add user-membership to user that does not exist" + user="testuser4" + command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -t ocsp user-membership-add $user \"$groupid5\"" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_membership-add-ocsp-cleanup-001: Deleting the temp directory and users" + #===Deleting users created using OCSP_adminV cert===# + i=1 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del userall > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del user1 > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u19 > $TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-u19-001.out" \ + 0 \ + "Deleting user u19" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-ocsp-user-membership-add-user-del-ocsp-u19-001.out" + #===Deleting users created using OCSP_adminV cert===# + i=1 + while [ $i -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del testuser$i > $TmpDir/pki-user-membership-add-ocsp-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-ocsp-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${OCSP_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "OCSP instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh new file mode 100755 index 000000000..da99ed027 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-del-ocsp.sh @@ -0,0 +1,877 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-membership-del OCSP CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-ocsp.sh +###################################################################################### + +run_pki-user-cli-user-membership-del-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$ocsp_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Available groups ocsp-group-find + groupid1="Online Certificate Status Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise OCSP Administrators" + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-002: pki user-membership-del --help configuration test" + rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \ + 0 \ + "pki user-membership-del --help" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-003: pki user-membership-del configuration test" + rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-004: Delete user-membership when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-ocsp-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u$i > $TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-ocsp-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-ocsp-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-ocsp-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-005: Delete user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-ocsp-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 8 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-ocsp-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out" \ + 0 \ + "Check user membership with group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-ocsp-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 8 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-ocsp-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out 2>&1" \ + 255 \ + "Cannot delete user from group, Missing required option <Group id>" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-007: Missing required option <User ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-user-membership-add-user-add-ocsp-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add user2 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out 2>&1" \ + 255 \ + "cannot delete user from group, Missing required option <user id>" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-ocsp-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-008: Should not be able to user-membership-del using a revoked cert OCSP_adminR" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert OCSP_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-009: Should not be able to user-membership-del using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert OCSP_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-010: Should not be able to user-membership-del using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert OCSP_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-011: Should not be able to user-membership-del using admin user with expired cert OCSP_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert OCSP_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-012: Should not be able to user-membership-del using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using OCSP_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-013: Should not be able to user-membership-del using OCSP_auditV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using OCSP_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-014: Should not be able to user-membership-del using OCSP_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using OCSP_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-015: Should not be able to user-membership-del using OCSP_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-016: Delete user-membership for user fullname with i18n characters" + rlLog "user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ocsp-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u10 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-017_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-ocsp-017_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-ocsp-017_2.out" + rlLog "Delete user-membership from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-ocsp-017_3.out" \ + 0 \ + "Delete user-membership from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-ocsp-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-017_4.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-017: Delete user-membership for user fullname with i18n characters" + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-user-add-ocsp-018.out 2>&1" \ + 0 \ + "Adding user full name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-ocsp-018.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-ocsp-018.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u11 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-ocsp-018_2.out" \ + 0 \ + "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-ocsp-018_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-ocsp-018_2.out" + rlLog "Delete user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_3.out" \ + 0 \ + "Delete user-membership from the group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u11 > $TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_4.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-ocsp-018_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-018: Delete user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-ocsp-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-ocsp-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-ocsp-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-ocsp-019.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-del user123 \"Administrators\"" + rlLog "Executing $command" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-019: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-user-membership-del-user-del-ocsp-020.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-membership-del-user-del-ocsp-020.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-user-membership-del-user-del-ocsp-020.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-user-membership-del-user-del-ocsp-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u12 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-20_2.out" \ + 0 \ + "Adding user u12 to group \"Administrators\"" + rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u12 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-20_3.out" \ + 0 \ + "Adding user u12 to group \"$groupid1\"" + rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-20_3.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-member-find Administrators > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-member-find \"$groupid1\" > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_5.out" \ + 0 \ + "List members of $groupid1 group" + rlAssertGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_5.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u12 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_6.out" \ + 0 \ + "Delete user u12" + rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-member-find $groupid4 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_7.out" \ + 0 \ + "List members of $groupid4 group" + rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_7.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-member-find \"$groupid1\" > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_8.out" \ + 0 \ + "List members of $groupid1 group" + rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-20_8.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-020: User deleted from Administrators group cannot create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-ocsp-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-21_2.out" + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local requestdn + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \ + \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + local expfile="$TmpDir/expfile_testuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test_user u9" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-ocsp-021_4.out" 0 "Should be able to add users using Administrator user testuser1" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-ocsp-021_4.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-ocsp-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ocsp-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-ocsp-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-ocsp-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-add --fullName=test_user u212" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-del-OCSP-021: User deleted from the Data Recovery Manager Agents group can not list CAs" + local user3="testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add $user3 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-ocsp-22.out" \ + 0 \ + "Adding user $user3 to group \"$groupid1\"" + rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-22.out" + + #Trying to perform List CAs using $user3's cert should succeed + rlRun "export SSL_DIR=$TmpDir" + local request_header_out="$TmpDir/request_header_out" + rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" + rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\" > $TmpDir/list_ca.out" 0 "List existing CAs" + rlAssertGrep "HTTP/1.1 200 OK" "$request_header_out" + rlAssertGrep "record.Id=\"CN=PKI $CA_INST Signing Cert,O=redhat\"" "$TmpDir/list_ca.out" + + #Delete $user3 from Online Certificate Status Manager Agents group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-del $user3 \"$groupid1\" > $TmpDir/pki-user-membership-del-groupdel-del-ocsp-022_3.out" \ + 0 \ + "User deleted from group \"$groupid1\"" + rlAssertGrep "Deleted membership in group \"$groupid1\"" "$TmpDir/pki-user-membership-del-groupdel-del-ocsp-022_3.out" + + + #Trying to perform List CAs using $user3's cert should fail + local request_header_out="$TmpDir/request_header_out" + rlRun "export SSL_DIR=$TmpDir" + command="curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $request_header_out -E $user3:$TEMP_NSS_DB_PASSWORD -k \"https://$SUBSYSTEM_HOST:$(eval echo \$${subsystemId}_UNSECURE_PORT)/ocsp/agent/ocsp/listCAs\"" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Trying to perform List CAs using $user3's cert should fail" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_membership-del-ocsp-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using OCSP_adminV cert===# + i=1 + while [ $i -lt 12 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del userall > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del user1 > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del user2 > $TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ocsp-user-membership-del-user-del-ocsp-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del user123 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del testuser1 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-testuser1.out" + + #===Deleting i18n group created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "OCSP instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh new file mode 100755 index 000000000..f2251e82e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-membership-find-ocsp.sh @@ -0,0 +1,765 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cli-user-membership-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-membership-find Find OCSP user memberships. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-find-ocsp.sh +###################################################################################### + +run_pki-user-cli-user-membership-find-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + prefix=$subsystemId + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$ocsp_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Local variables + #Available groups ocsp-group-find + groupid1="Online Certificate Status Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise OCSP Administrators" + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-002: pki user-membership-find --help configuration test" + rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \ + 0 \ + "pki user-membership-find --help" + rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-003: pki user-membership-find configuration test" + rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-004: Find user-membership when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-find-ocsp-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u$i > $TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-show-ocsp-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-ocsp-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out" \ + 0 \ + "Find user-membership with group \"$gid\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-005: Find user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-ocsp-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show userall > $TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out" \ + 0 \ + "Show pki OCSP_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-show-ocsp-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-ocsp-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out" \ + 0 \ + "Find user-membership to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-006: Find user-membership of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" + rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" + rlAssertGrep "Group: $groupid7" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" + rlAssertGrep "Group: $groupid8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" + rlAssertGrep "Number of entries returned 3" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-007: Find all user-memberships of a user (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out" \ + 0 \ + "Checking user-mambership to group " + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-008: Find user-memberships when page start is negative (start=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out" \ + 0 \ + "Checking user-membership to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-009: Find user-memberships when page start greater than available number of groups (start=9)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=9 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-004.out" \ + 0 \ + "Checking user-membership to group" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-010: Should not be able to find user-membership when page start is non integer" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t ocsp user-membership-find userall --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-011: Find user-memberships when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-006.out" 0 \ + "user_membership-find with size parameter as 0" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-012: Find user-memberships when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out" 0 \ + "user_membership-find with size parameter as 1" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-013: Find user-memberships when page size is 2 (size=2)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out" 0 \ + "user_membership-find with size parameter as 2" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out" + rlAssertGrep "Group: $groupid2" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out" + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-014: Find user-memberships when page size is 9 (size=9)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=9 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out" 0 \ + "user_membership-find with size parameter as 9" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-015: Find user-memberships when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out" 0 \ + "user_membership-find with size parameter as 100" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 8" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-016: Find user-memberships when page size is negative (size=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0011.out" 0 \ + "user_membership-find with size parameter as -1" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0011.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-size-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-017: Should not be able to find user-membership when page size is non integer" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-018: Find user-membership with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=6 --size=5 > $TmpDir/pki-user-membership-find-ocsp-019.out" \ + 0 \ + "Find user-membership with page start and page size option" + rlAssertGrep "8 entries matched" "$TmpDir/pki-user-membership-find-ocsp-019.out" + i=7 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-ocsp-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-ocsp-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-019: Find user-membership with --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-ocsp-020.out 2>&1" \ + 255 \ + "Find user-membership with --size more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-ocsp-020.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-020: Find user-membership with --start more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-ocsp-021.out 2>&1" \ + 255 \ + "Find user-membership with --start more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-ocsp-021.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-021: Should not be able to user-membership-find using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert OCSP_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-022: Should not be able to user-membership-find using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert OCSP_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-023: Should not be able to user-membership-find using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent OCSP_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-024: Should not be able to user-membership-find using admin user with expired cert OCSP_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin OCSP_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-025: Should not be able to user-membership-find using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent OCSP_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-026: Should not be able to user-membership-find using OCSP_auditV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor OCSP_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-027: Should not be able to user-membership-find using OCSP_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator OCSP_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-028: Should not be able to user-membership-find using OCSP_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD -t ocsp user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-029:Find user-membership for user fullname with i18n characters" + rlLog "user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='Éric Têko' u9" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-ocsp-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u9 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-031_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-031_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-ocsp-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u9 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-031_3.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-031_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-030: Find user-membership for user fullname with i18n characters" + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-user-add-ocsp-032.out 2>&1" \ + 0 \ + "Adding user fullname ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-ocsp-032.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-ocsp-032.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u10 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-ocsp-032_2.out" \ + 0 \ + "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-ocsp-032_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-ocsp-032_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-ocsp-032_3.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-032_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-ocsp-032_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-OCSP-031: Find user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-ocsp-033.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-ocsp-033.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-ocsp-033.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-ocsp-033.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t ocsp user-membership-find user123 --start=6 --size=5" + rlLog "Executing $command" + rlRun "$command > $TmpDir/pki-user-membership-find-user-find-ocsp-033_2.out" 0 "Find user-membership when uid is not associated with a group" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-ocsp-033_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_membership-find-ocsp-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using OCSP_adminV cert===# + i=1 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del userall > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-userall.out" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del user123 > $TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ocsp-user-membership-find-user-del-ocsp-user123.out" + + #===Deleting i18n group created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "OCSP instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh new file mode 100755 index 000000000..5de4950cd --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-mod-ocsp.sh @@ -0,0 +1,1154 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-mod Modify existing users in the pki ocsp subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath <rpattath@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-mod-ocsp.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-user-cli-user-mod-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$ocsp_instance_created" = "TRUE" ] ; then + OCSP_HOST=$(eval echo \$${MYROLE}) + OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) + CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) + user1=ocsp_user + user1fullname="Test ocsp user" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + user1_mod_fullname="Test ocsp user modified" + user1_mod_email="testocspuser@myemail.com" + user1_mod_passwd="Secret1234" + user1_mod_state="NC" + user1_mod_phone="1234567890" + randsym="" + i18nuser=i18nuser + i18nuserfullname="Örjan Äke" + i18nuser_mod_fullname="kakskümmend" + i18nuser_mod_email="kakskümmend@example.com" + eval ${subsystemId}_adminV_user=${subsystemId}_adminV + eval ${subsystemId}_adminR_user=${subsystemId}_adminR + eval ${subsystemId}_adminE_user=${subsystemId}_adminE + eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA + eval ${subsystemId}_agentV_user=${subsystemId}_agentV + eval ${subsystemId}_agentR_user=${subsystemId}_agentR + eval ${subsystemId}_agentE_user=${subsystemId}_agentE + eval ${subsystemId}_auditV_user=${subsystemId}_auditV + eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #### Modify a user's full name #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-002: Modify a user's fullname in OCSP using admin user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$user1_mod_fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-ocsp-user-mod-002.out" \ + 0 \ + "Modified $user1 fullname" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-user-mod-002.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-002.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-user-mod-002.out" + rlPhaseEnd + + #### Modify a user's email, phone, state, password #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-003: Modify a user's email,phone,state,password in OCSP using admin user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-ocsp-user-mod-003.out" \ + 0 \ + "Modified $user1 information" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-user-mod-003.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-003.out" + rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-ocsp-user-mod-003.out" + + rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-ocsp-user-mod-003.out" + + rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-ocsp-user-mod-003.out" + + rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-ocsp-user-mod-003.out" +rlPhaseEnd + + #### Modify a user's email with characters and numbers #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-004:--email with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-ocsp-user-mod-004.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length" + rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-ocsp-user-mod-004.out" + rlAssertGrep "User ID: u1" "$TmpDir/pki-ocsp-user-mod-004.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-004.out" + rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-user-mod-004.out" + rlPhaseEnd + + #### Modify a user's email with maximum length and symbols #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-005:--email with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=\"$randsym\" u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=\"$randsym\" u2 > $TmpDir/pki-ocsp-user-mod-005.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it" + actual_email_string=`cat $TmpDir/pki-ocsp-user-mod-005.out | grep "Email: " | xargs echo` + expected_email_string="Email: $randsym" + rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-ocsp-user-mod-005.out" + rlAssertGrep "User ID: u2" "$TmpDir/pki-ocsp-user-mod-005.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-005.out" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "$expected_email_string found" + else + rlFail "$expected_email_string not found" + fi + rlPhaseEnd + + #### Modify a user's email with # character #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-006:--email with # character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email # u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=# u3 > $TmpDir/pki-ocsp-user-mod-006.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character" + rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-ocsp-user-mod-006.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-ocsp-user-mod-006.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-006.out" + rlAssertGrep "Email: #" "$TmpDir/pki-ocsp-user-mod-006.out" + rlPhaseEnd + + #### Modify a user's email with * character #### + +rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email * u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=* u4 > $TmpDir/pki-ocsp-user-mod-007.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character" + rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-ocsp-user-mod-007.out" + rlAssertGrep "User ID: u4" "$TmpDir/pki-ocsp-user-mod-007.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-007.out" + rlAssertGrep "Email: *" "$TmpDir/pki-ocsp-user-mod-007.out" + rlPhaseEnd + + #### Modify a user's email with $ character #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-008:--email with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u5" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email $ u5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=$ u5 > $TmpDir/pki-ocsp-user-mod-008.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character" + rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-ocsp-user-mod-008.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-ocsp-user-mod-008.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-008.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-ocsp-user-mod-008.out" + rlPhaseEnd + + #### Modify a user's email with value 0 #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-009:--email as number 0 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u6" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email 0 u6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=0 u6 > $TmpDir/pki-ocsp-user-mod-009.out " \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0" + rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-ocsp-user-mod-009.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-ocsp-user-mod-009.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-009.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-ocsp-user-mod-009.out" + rlPhaseEnd + + #### Modify a user's state with characters and numbers #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-010:--state with characters and numbers " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u7" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-ocsp-user-mod-010.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length" + rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-ocsp-user-mod-010.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-ocsp-user-mod-010.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-010.out" + rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-user-mod-010.out" + rlPhaseEnd + + #### Modify a user's state with maximum length and symbols #### + +rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u8" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=\"$randsym\" u8" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=\"$randsym\" u8 > $TmpDir/pki-ocsp-user-mod-011.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it" + actual_state_string=`cat $TmpDir/pki-ocsp-user-mod-011.out | grep "State: " | xargs echo` + expected_state_string="State: $randsym" + rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-ocsp-user-mod-011.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-ocsp-user-mod-011.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-011.out" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "$expected_state_string found" + else + rlFail "$expected_state_string not found" + fi + rlPhaseEnd + + #### Modify a user's state with # character #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-012:--state with # character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u9" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state # u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=# u9 > $TmpDir/pki-ocsp-user-mod-012.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character" + rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-ocsp-user-mod-012.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-user-mod-012.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-012.out" + rlAssertGrep "State: #" "$TmpDir/pki-ocsp-user-mod-012.out" + rlPhaseEnd + + #### Modify a user's state with * character #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-013:--state with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u10" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state * u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=* u10 > $TmpDir/pki-ocsp-user-mod-013.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character" + rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-ocsp-user-mod-013.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-user-mod-013.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-013.out" + rlAssertGrep "State: *" "$TmpDir/pki-ocsp-user-mod-013.out" + rlPhaseEnd + + #### Modify a user's state with $ character #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-014:--state with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u11" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state $ u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=$ u11 > $TmpDir/pki-ocsp-user-mod-014.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character" + rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-ocsp-user-mod-014.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-user-mod-014.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-014.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-ocsp-user-mod-014.out" + rlPhaseEnd + + #### Modify a user's state with number 0 #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-015:--state as number 0 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u12" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state 0 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --state=0 u12 > $TmpDir/pki-ocsp-user-mod-015.out " \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0" + rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-ocsp-user-mod-015.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-user-mod-015.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-015.out" + rlAssertGrep "State: 0" "$TmpDir/pki-ocsp-user-mod-015.out" + rlPhaseEnd + + #### Modify a user's phone with characters and numbers #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-016:--phone with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u13" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-ocsp-user-mod-016.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length" + rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-ocsp-user-mod-016.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-user-mod-016.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-016.out" + rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-user-mod-016.out" + rlPhaseEnd + + #### Modify a user's phone with maximum length and symbols #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-017:--phone with maximum length and symbols " + randsym_b64=$(openssl rand -base64 90000 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + special_symbols="#$@*" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone='$randsym$special_symbols' usr1" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with maximum length and numbers only #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-018:--phone with maximum length and numbers only " + randhex=$(openssl rand -hex 1024) + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --phone=\"$randsym\" usr1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-ocsp-user-mod-018.out"\ + 0 \ + "Modify user with maximum length and numbers only" + rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-ocsp-user-mod-018.out" + rlAssertGrep "User ID: usr1" "$TmpDir/pki-ocsp-user-mod-018.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-018.out" + rlAssertGrep "Phone: $randsym" "$TmpDir/pki-ocsp-user-mod-018.out" + rlPhaseEnd + + #### Modify a user's phone with # character #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-019:--phone with \# character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test usr2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone=\"#\" usr2" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with * character #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-020:--phone with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test usr3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone=\"*\" usr3" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with $ character #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-021:--phone with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test usr4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone $ usr4" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with negative number #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-022:--phone as negative number -1230 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u14" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --phone -1230 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --phone=-1230 u14 > $TmpDir/pki-ocsp-user-mod-022.out " \ + 0 \ + "Modifying User --phone negative value" + rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-ocsp-user-mod-022.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-ocsp-user-mod-022.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-ocsp-user-mod-022.out" + rlAssertGrep "Phone: -1230" "$TmpDir/pki-ocsp-user-mod-022.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/704" + rlPhaseEnd + + #### Modify a user - missing required option user id #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-023: Modify a user -- missing required option user id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname'" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id" + rlPhaseEnd + + #### Modify a user - all options provided #### + +rlPhaseStartTest "pki_user_cli_user_mod-ocsp-024: Modify a user -- all options provided" + email="ocsp_user2@myemail.com" + user_password="ocspuser2Password" + phone="1234567890" + state="NC" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u15" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15 > $TmpDir/pki-ocsp-user-mod-025.out" \ + 0 \ + "Modify user u15 to OCSP -- all options provided" + rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-ocsp-user-mod-025.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-ocsp-user-mod-025.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-025.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-mod-025.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-025.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-025.out" + rlPhaseEnd + + #### Modify a user - password less than 8 characters #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-025: Modify user with --password " + userpw="pass" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod $user1 --fullName='$user1fullname' --password=$userpw" + errmsg="PKIException: The password must be at least 8 characters" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password" + rlPhaseEnd + +##### Tests to modify users using revoked cert##### + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-026: Should not be able to modify user using a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1_mod_fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + +##### Tests to modify users using an agent user##### + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-028: Should not be able to modify user using a valid agent user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-029: Should not be able to modify user using an agent user with a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using expired cert##### + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-030: Should not be able to modify user using an admin user with expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-031: Should not be able to modify user using an agent user with an expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify users using audit users##### + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-032: Should not be able to modify user using an auditor user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert" + rlPhaseEnd + + ##### Tests to modify users using operator user### + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-033: Should not be able to modify user using an operator user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as OCSP_operatorV" + rlPhaseEnd + +##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted OCSP users##### + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-034: Should not be able to modify user using a cert created from a untrusted OCSP role_user_UTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-035: Modify a user -- User ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName='$user1fullname' u18" + errmsg="ResourceNotFoundException: No such object." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user" + rlPhaseEnd + + #### Modify a user - fullName option is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-036: Modify a user in OCSP using an admin user - fullname is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --fullName=\"\" u16" + errmsg="BadRequestException: Invalid DN syntax." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + #### Modify a user - email is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-037: Modify a user in OCSP using OCSP admin user - email is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-show u16 > $TmpDir/pki-ocsp-user-mod-038_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-038_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-038_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-038_1.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-mod-038_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-038_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-038_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=\"\" u16" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=\"\" u16 > $TmpDir/pki-ocsp-user-mod-038_2.out" \ + 0 \ + "Modifying $user1 with empty email" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-ocsp-user-mod-038_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-038_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-038_2.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-038_2.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-038_2.out" + rlPhaseEnd + + #### Modify a user - phone is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-038: Modify a user in OCSP using OCSP_adminV - phone is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-show u16 > $TmpDir/pki-ocsp-user-mod-039_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-039_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-039_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-039_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-ocsp-user-mod-039_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-039_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --phone=\"\" u16" + rlRun "$command" 0 "Successfully updated phone to empty value" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlPhaseEnd + + #### Modify a user - state option is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-039: Modify a user in OCSP using an admin user in OCSP - state is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-show u16 > $TmpDir/pki-ocsp-user-mod-040_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-040_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-040_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-040_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-ocsp-user-mod-040_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --state=\"\" u16" + rlRun "$command" 0 "Successfully updated phone to empty value" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlPhaseEnd + + +##### Tests to modify OCSP users with the same value #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-040: Modify a user in OCSP using an admin user - fullname same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-show $user1 > $TmpDir/pki-ocsp-user-mod-041_1.out" + rlAssertGrep "User \"$user1\"" "$TmpDir/pki-ocsp-user-mod-041_1.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-041_1.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-user-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$user1_mod_fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-ocsp-user-mod-041_2.out" \ + 0 \ + "Modifying $user1 with same old fullname" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-ocsp-user-mod-041_2.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-ocsp-user-mod-041_2.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-ocsp-user-mod-041_2.out" + rlPhaseEnd + +##### Tests to modify CA users adding values to params which were previously empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_ocsp-041: Modify a user in OCSP using an admin user - adding values to params which were previously empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-show u16 > $TmpDir/pki-ocsp-user-mod-042_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-ocsp-user-mod-042_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-042_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-042_1.out" + rlAssertNotGrep "Email:" "$TmpDir/pki-ocsp-user-mod-042_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=\"$email\" u16" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --email=\"$email\" u16 > $TmpDir/pki-ocsp-user-mod-042_2.out" \ + 0 \ + "Modifying u16 with new value for phone which was previously empty" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-ocsp-user-mod-042_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-ocsp-user-mod-042_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-ocsp-user-mod-042_2.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-ocsp-user-mod-042_2.out" + rlPhaseEnd + +##### Tests to modify OCSP users having i18n chars in the fullname #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-042: Modify a user's fullname having i18n chars in OCSP using an admin user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"$i18nuserfullname\" $i18nuser" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-ocsp-user-mod-043.out" \ + 0 \ + "Modified $i18nuser fullname" + rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-ocsp-user-mod-043.out" + rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-ocsp-user-mod-043.out" + rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-ocsp-user-mod-043.out" + rlPhaseEnd + +##### Tests to modify OCSP users having i18n chars in email #### + +rlPhaseStartTest "pki_user_cli_user_mod_ocsp-043: Modify a user's email having i18n chars in OCSP using an admin user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-mod --email=$i18nuser_mod_email $i18nuser" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail" + rlLog "FAIL:https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_user_cli_user_ocsp_cleanup: Deleting role users" + + i=1 + while [ $i -lt 17 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out" + let i=$i+1 + done + + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del usr$i > $TmpDir/pki-usr-del-ocsp-usr-00$i.out" \ + 0 \ + "Deleted user usr$i" + rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-ocsp-usr-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del $i18nuser > $TmpDir/pki-user-del-ocsp-i18nuser-001.out" \ + 0 \ + "Deleted user $i18nuser" + rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-ocsp-i18nuser-001.out" +$i18nuser + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd + else + rlLog "OCSP instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh deleted file mode 100755 index bf10afd7f..000000000 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-ocsp.sh +++ /dev/null @@ -1,335 +0,0 @@ -#!/bin/bash -#!/usr/bin/expect -f - -# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli -# Description: PKI user-add CLI tests -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# The following pki cli commands needs to be tested: -# pki-user-cli-user-add Add users to pki subsystems. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Author: Asha Akkiangady <aakkiang@redhat.com> -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. -# -# This copyrighted material is made available to anyone wishing -# to use, modify, copy, or redistribute it subject to the terms -# and conditions of the GNU General Public License version 2. -# -# This program is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied -# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -# PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301, USA. -# -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -# Include rhts environment -. /usr/bin/rhts-environment.sh -. /usr/share/beakerlib/beakerlib.sh -. /opt/rhqa_pki/rhcs-shared.sh -. /opt/rhqa_pki/pki-cert-cli-lib.sh -. /opt/rhqa_pki/env.sh - -######################################################################## -# Test Suite Globals -######################################################################## -OCSP_adminV_user=OCSP_adminV -OCSP_adminV_fullName=OCSP_Admin_ValidCert -OCSP_adminR_user=OCSP_adminR -OCSP_adminR_fullName=OCSP_Admin_RevokedCert -OCSP_adminE_user=OCSP_adminE -OCSP_adminE_fullName=OCSP_admin_ExpiredCert -OCSP_adminUTOCSP_user=OCSP_adminUTCA -OCSP_adminUTOCSP_fullName=OCSP_Admin_CertIssuedByUntrustedCA - -OCSP_agentV_user=OCSP_agentV -OCSP_agentV_fullName=OCSP_Agent_ValidCert -OCSP_agentR_user=OCSP_agentR -OCSP_agentR_fullName=OCSP_Agent_RevokedCert -OCSP_agentE_user=OCSP_agentE -OCSP_agentE_fullName=OCSP_agent_ExpiredCert -OCSP_agentUTOCSP_user=OCSP_agentUTCA -OCSP_agentUTOCSP_fullName=OCSP_Agent_CertIssuedByUntrustedCA - -OCSP_auditV_user=OCSP_auditV -OCSP_auditV_fullName=OCSP_Audit_ValidCert -OCSP_operatorV_user=OCSP_operatorV -OCSP_operatorV_fullName=OCSP_Operator_ValidCert - -export OCSP_adminV_user OCSP_adminR_user OCSP_adminE_user OCSP_adminUTOCSP_user OCSP_agentV_user OCSP_agentR_user OCSP_agentE_user OCSP_agentUTOCSP_user OCSP_auditV_user OCSP_operatorV_user -###################################################################### - -run_pki-user-cli-user-ocsp_tests(){ - rlPhaseStartSetup "pki_user_cli_user_add-ocsp-startup:Getting nss certificate db " - rlLog "Certificate directory = $CERTDB_DIR" - rlPhaseEnd - rlPhaseStartSetup "pki_user_cli_user_ocsp-startup: Importing ocsp agent cert into certificate db and trust OCSP root cert" - rlRun "install_and_trust_OCSP_cert $OCSP_SERVER_ROOT $CERTDB_DIR" - rlRun "install_and_trust_OCSP_cert $OCSP_SERVER_ROOT $CERTDB_DIR" - rlPhaseEnd - rlPhaseStartSetup "Creating user, create user and add it to the user, add user to the group" - user=($OCSP_adminV_user $OCSP_adminV_fullName $OCSP_adminR_user $OCSP_adminR_fullName $OCSP_adminE_user $OCSP_adminE_fullName $OCSP_adminUTOCSP_user $OCSP_adminUTOCSP_fullName $OCSP_agentV_user $OCSP_agentV_fullName $OCSP_agentR_user $OCSP_agentR_fullName $OCSP_agentE_user $OCSP_agentE_fullName $OCSP_agentUTOCSP_user $OCSP_agentUTOCSP_fullName $OCSP_auditV_user $OCSP_auditV_fullName $OCSP_operatorV_user $OCSP_operatorV_fullName) - i=0 - while [ $i -lt ${#user[@]} ] ; do - userid=${user[$i]} - userfullName=${user[$i+1]} - - #Create $userid user - rlLog "Executing: pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add --fullName=\"$userfullName\" $userid" - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add --fullName=\"$userfullName\" $userid" \ - 0 \ - "Add user $userid to OCSP" - - #=====Adding user to respective group. Administrator, Date Recovery Manager Agent, Auditor=====# - if [ $userid == $OCSP_adminV_user -o $userid == $OCSP_adminR_user -o $userid == $OCSP_adminE_user -o $userid == $OCSP_adminUTOCSP_user ]; then - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - group-add-member Administrators $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \ - 0 \ - "Add user $userid to Administrators group" - rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out" - rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out" - elif [ $userid == $OCSP_agentV_user -o $userid == $OCSP_agentR_user -o $userid == $OCSP_agentE_user -o $userid == $OCSP_agentUTOCSP_user ]; then - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - group-add-member \"Data Recovery Manager Agents\" $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \ - 0 \ - "Add user $userid to Data Recovery Manager Agents group" - rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out" - rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out" - - elif [ $userid == $OCSP_auditV_user ]; then - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - group-add-member Auditors $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \ - 0 \ - "Add user $userid to Auditors group" - rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out" - rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out" - - elif [ $userid == $OCSP_operatorV_user ]; then - rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - group-add-member \"Trusted Managers\" $userid > $TmpDir/pki-user-add-ocsp-group001$i.out" \ - 0 \ - "Add user $userid to Trusted Managers group" - rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-ocsp-group001$i.out" - rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-ocsp-group001$i.out" - fi - #================# - - if [ $userid == $OCSP_adminV_user -o $userid == $OCSP_adminR_user -o $userid == $OCSP_adminE_user -o $userid == $OCSP_agentV_user -o $userid == $OCSP_agentR_user -o $userid == $OCSP_agentE_user -o $userid == $OCSP_auditV_user -o $userid == $OCSP_operatorV_user ]; then - - #Create a cert and add it to the $userid user - rlLog "Admin Certificate is located at: $OCSP_ADMIN_CERT_LOCATION" - local sample_request_file1="/opt/rhqa_pki/cert_request_caUserCert1_1.in" - local sample_request_file2="/opt/rhqa_pki/cert_request_caUserCert1_2.in" - local temp_file="$CERTDB_DIR/certrequest_ocsp_001$i.in" - #rlRun "create_certdb \"$CERTDB_DIR\" Password" 0 "Create a certificate db" - rlRun "generate_PKCS10 \"$CERTDB_DIR\" Password rsa 2048 \"$CERTDB_DIR/request_ocsp_001$i.out\" \"CN=adminV\" " 0 "generate PKCS10 certificate" - - rlLog "Create a certificate request XML file.." - local search_string1="<InputAttr name=\"cert_request_type\">crmf<\/InputAttr>" - local replace_string1="\<InputAttr name=\"cert_request_type\"\>pkcs10\<\/InputAttr\>" - rlRun "sed -e '/-----BEGIN NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_ocsp_001$i.out" - rlRun "sed -e '/-----END NEW CERTIFICATE REQUEST-----/d' -i $CERTDB_DIR/request_ocsp_001$i.out" - #local cert_request=`cat /tmp/request_001$i.out` - rlRun "cat $sample_request_file1 $CERTDB_DIR/request_ocsp_001$i.out $sample_request_file2 > $temp_file" - rlLog "Executing: sed -e 's/$search_string1/$replace_string1/' -i $temp_file" - rlRun "sed -e 's/$search_string1/$replace_string1/' -i $temp_file" - local search_string2="testuser" - local replace_string2=$userid - rlLog "Executing: sed -e 's/$search_string2/$replace_string2/g' -i $temp_file" - rlRun "sed -e 's/$search_string2/$replace_string2/g' -i $temp_file" - local search_string3="Test User" - local replace_string3=$userfullName - rlLog "Executing: sed -e 's/$search_string3/$replace_string3/g' -i $temp_file" - rlRun "sed -e 's/$search_string3/$replace_string3/g' -i $temp_file" - - if [ $userid == $OCSP_adminV_user -o $userid == $OCSP_adminR_user -o $userid == $OCSP_agentV_user -o $userid == $OCSP_agentR_user -o $userid == $OCSP_auditV_user -o $userid == $OCSP_operatorV_user ]; then - #cert-request-submit===== - rlLog "Executing: pki cert-request-submit $temp_file" - rlRun "pki cert-request-submit $temp_file > $CERTDB_DIR/certrequest_ocsp_$i.out" 0 "Executing pki cert-request-submit" - rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest_ocsp_$i.out" - rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest_ocsp_$i.out" - rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest_ocsp_$i.out" - rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest_ocsp_$i.out" - local request_id=`cat $CERTDB_DIR/certrequest_ocsp_$i.out | grep "Request ID:" | awk '{print $3}'` - rlLog "Request ID=$request_id" - rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id" - rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - #Agent Approve the certificate after reviewing the cert for the user - rlLog "Executing: pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - cert-request-review --action=approve $request_id" - - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - cert-request-review --action=approve $request_id > $CERTDB_DIR/certapprove_ocsp_001$i.out" \ - 0 \ - "OCSP agent approve the cert" - rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_ocsp_001$i.out" - rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id" - rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out | grep "Certificate ID:" | awk '{print $3}'` - rlLog "Cerificate Serial Number=$certificate_serial_number" - - #Verify the certificate is valid - rlRun "pki cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_ocsp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" - rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_ocsp_001$i.out" - rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_ocsp_001$i.out" - - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_ocsp_001$i.out > $CERTDB_DIR/validcert_ocsp_001$i.pem" - rlRun "certutil -d $CERTDB_DIR -A -n $userid -i $CERTDB_DIR/validcert_ocsp_001$i.pem -t "u,u,u"" - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add-cert $userid --input $CERTDB_DIR/validcert_ocsp_001$i.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \ - 0 \ - "Cert is added to the user $userid" - - elif [ $userid == $OCSP_adminE_user -o $userid == $OCSP_agentE_user ]; then - #=======Expired cert waiting on response to --output ticket https://fedorahosted.org/pki/ticket/674 =======# - local profile_file="/var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg" - default_days="policyset.userCertSet.2.default.params.range=180" - change_days="policyset.userCertSet.2.default.params.range=1" - rlLog "Executing: sed -e 's/$default_days/$change_days/g' -i $profile_file" - rlRun "sed -e 's/$default_days/$change_days/g' -i $profile_file" - rlLog "Restart the subsytem" - rlRun "systemctl restart pki-tomcatd\@pki-tomcat.service" - #cert-request-submit===== - rlLog "Executing: pki cert-request-submit $temp_file" - rlRun "pki cert-request-submit $temp_file > $CERTDB_DIR/certrequest_ocsp_$i.out" 0 "Executing pki cert-request-submit" - rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest_ocsp_$i.out" - rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest_ocsp_$i.out" - rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest_ocsp_$i.out" - rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest_ocsp_$i.out" - local request_id=`cat $CERTDB_DIR/certrequest_ocsp_$i.out | grep "Request ID:" | awk '{print $3}'` - rlLog "Request ID=$request_id" - rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id" - rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_ocsp_001$i.out" - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - cert-request-review --action=approve $request_id > $CERTDB_DIR/certapprove_ocsp_001$i.out" \ - 0 \ - "KRA agent approve the cert" - rlLog "cat $CERTDB_DIR/certapprove_ocsp_001$i.out" - rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_ocsp_001$i.out" - rlRun "pki cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" 0 "Executing pki cert-request-show $request_id" - rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - rlAssertGrep "Certificate ID:" "$CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out" - local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_ocsp_001$i.out | grep "Certificate ID:" | awk '{print $3}'` - rlLog "Cerificate Serial Number=$certificate_serial_number" - #Verify the certificate is expired - rlRun "pki cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_ocsp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" - rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_ocsp_001$i.out" - rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_ocsp_001$i.out" - rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_ocsp_001$i.out > $CERTDB_DIR/validcert_ocsp_001$i.pem" - rlRun "certutil -d $CERTDB_DIR -A -n $userid -i $CERTDB_DIR/validcert_ocsp_001$i.pem -t "u,u,u"" - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add-cert $userid --input $CERTDB_DIR/validcert_ocsp_001$i.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \ - 0 \ - "Cert is added to the user $userid" - rlLog "Modifying profile back to the defaults" - rlRun "sed -e 's/$change_days/$default_days/g' -i $profile_file" - rlLog "Restart the subsytem" - rlRun "systemctl restart pki-tomcatd\@pki-tomcat.service" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date --set='next day'" 0 "Set System date a day ahead" - rlRun "date" - rlRun "pki cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_exp_ocsp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" - rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_exp_ocsp_001$i.out" - rlAssertGrep "Status: EXPIRED" "$CERTDB_DIR/certificate_show_exp_ocsp_001$i.out" - rlRun "date --set='2 days ago'" 0 "Set System back to the present day" - fi - fi - #Add the certificate to $CERTDB_DIR - #note: certificate b664 at $CERTDB_DIR/certificate_show_ocsp_001$i.out - if [ $userid == $OCSP_adminUTOCSP_user ]; then - rlRun "certutil -d /tmp/untrusted_cert_db -A -n $userid -i /opt/rhqa_pki/dummycert1.pem -t ",,"" - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add-cert $userid --input /opt/rhqa_pki/dummycert1.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \ - 0 \ - "Cert is added to the user $userid" - elif [ $userid == $OCSP_agentUTOCSP_user ]; then - rlRun "certutil -d /tmp/untrusted_cert_db -A -n $userid -i /opt/rhqa_pki/dummycert1.pem -t ",,"" - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - user-add-cert $userid --input /opt/rhqa_pki/dummycert1.pem > $CERTDB_DIR/useraddcert_ocsp_001$i.out" \ - 0 \ - "Cert is added to the user $userid" - #Revoke certificate of user OCSP_adminR and OCSP_agentR - elif [ $userid == $OCSP_adminR_user -o $userid == $OCSP_agentR_user ] ;then - rlLog "$userid" - rlLog "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - cert-revoke $certificate_serial_number --force --reason = Unspecified > $CERTDB_DIR/revokecert_ocsp_001$i.out" - rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ - -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ - cert-revoke $certificate_serial_number --force --reason=Unspecified > $CERTDB_DIR/revokecert_ocsp_001$i.out" \ - 0 \ - "Certificate of user $userid is revoked" - rlAssertGrep "Serial Number: $certificate_serial_number" "$CERTDB_DIR/revokecert_ocsp_001$i.out" - rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/revokecert_ocsp_001$i.out" - rlAssertGrep "Status: REVOKED" "$CERTDB_DIR/revokecert_ocsp_001$i.out" - fi - let i=$i+2 - done - rlPhaseEnd -} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh index e8924d2bc..560e9c96b 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/ocsp/pki-user-cli-user-show-ocsp.sh @@ -3,17 +3,17 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli -# Description: PKI user-add CLI tests +# Description: PKI user-show CLI tests # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # The following pki cli commands needs to be tested: -# pki-user-cli-user-add Add users to pki subsystems. +# pki-user-cli-user-show Show OCSP users # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Author: Asha Akkiangady <aakkiang@redhat.com> # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # -# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. # # This copyrighted material is made available to anyone wishing # to use, modify, copy, or redistribute it subject to the terms @@ -39,374 +39,865 @@ . /opt/rhqa_pki/env.sh ###################################################################################### -#pki-user-cli-user-ocsp.sh should be first executed prior to pki-user-cli-user-add-ocsp.sh -#pki-user-cli-user-add-ocsp.sh should be first executed prior to pki-user-cli-user-add-ocsp.sh +#create_role_users.sh should be first executed prior to pki-user-cli-user-show-ocsp.sh ###################################################################################### ######################################################################## -# Test Suite Globals -######################################################################## +run_pki-user-cli-user-show-ocsp_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId -######################################################################## + # Creating Temporary Directory for pki user-ocsp + rlPhaseStartSetup "pki user-ocsp Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi + + if [ "$ocsp_instance_created" = "TRUE" ] ; then + #local variables + user1=ocsp_agent2 + user1fullname="Test ocsp_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test" + rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \ + 0 \ + "pki user-show" + rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out" + rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out" + rlPhaseEnd -run_pki-user-cli-user-show-ocsp_tests(){ ##### Tests to show OCSP users #### - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001: Add a user to OCSP using OCSP_adminV" - rlLog "Executing: pki -d $TmpDir/nssdb \ - -n OCSP_adminV \ + rlPhaseStartTest "pki_user_cli_user_show-OCSP-001: Add user to OCSP using OCSP_adminV and show user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" $user1" \ + 0 \ + "Add user $user1 using ${prefix}_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user1" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user1 > $TmpDir/pki-user-show-ocsp-001.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user $user1" rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-ocsp-001.out" rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-ocsp-001.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_1:maximum length of user id " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-002: maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user2" \ + 0 \ + "Add user $user2 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user2 > $TmpDir/pki-user-show-ocsp-001_1.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show $user2 user" rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-ocsp-001_1.out" - rlAssertGrep "User ID: $user2" "$TmpDir/pki-user-show-ocsp-001_1.out" + actual_userid_string=`cat $TmpDir/pki-user-show-ocsp-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_1.out" + rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_2:User id with # character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-003: User id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user3" \ + 0 \ + "Add user $user3 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user3 > $TmpDir/pki-user-show-ocsp-001_2.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show $user3 user" rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-ocsp-001_2.out" rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-ocsp-001_2.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_2.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_3:User id with $ character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-004: User id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user4" \ + 0 \ + "Add user $user4 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user4 > $TmpDir/pki-user-show-ocsp-001_3.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show $user4 user" rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-ocsp-001_3.out" rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-ocsp-001_3.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_3.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_4:User id with @ character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-005: User id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user5" \ + 0 \ + "Add $user5 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user5 > $TmpDir/pki-user-show-ocsp-001_4.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show $user5 user" rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-ocsp-001_4.out" rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-ocsp-001_4.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_4.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_5:User id with ? character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-006: User id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user6" \ + 0 \ + "Add $user6 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user6 > $TmpDir/pki-user-show-ocsp-001_5.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show $user6 user" rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-ocsp-001_5.out" rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-ocsp-001_5.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_5.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_6:User id as 0" + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-007: User id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test $user7" \ + 0 \ + "Add user $user7 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show $user7 > $TmpDir/pki-user-show-ocsp-001_6.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user $user7" rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-ocsp-001_6.out" rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-ocsp-001_6.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_6.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_7:--email with maximum length " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-008: --email with maximum length" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=\"$email\" u1" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u1 > $TmpDir/pki-user-show-ocsp-001_7.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u1" rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-ocsp-001_7.out" rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-ocsp-001_7.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_7.out" - rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ocsp-001_7.out" + actual_email_string=`cat $TmpDir/pki-user-show-ocsp-001_7.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_8:--email with maximum length and symbols " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-009: --email with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + email=$email$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email='$email' u2" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length and character symbols in it" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u2 > $TmpDir/pki-user-show-ocsp-001_8.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u2" rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-ocsp-001_8.out" rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-ocsp-001_8.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_8.out" - rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-ocsp-001_8.out" + actual_email_string=`cat $TmpDir/pki-user-show-ocsp-001_8.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_9:--email with # character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-010: --email with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=# u3" \ + 0 \ + "Add user u3 using pki ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u3 > $TmpDir/pki-user-show-ocsp-001_9.out" \ - 0 \ - "Show pki OCSP_adminV user" + 0 \ + "Add user u3" rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-ocsp-001_9.out" rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-ocsp-001_9.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_9.out" rlAssertGrep "Email: #" "$TmpDir/pki-user-show-ocsp-001_9.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_10:--email with * character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-011: --email with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=* u4" \ + 0 \ + "Add user u4 using pki ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u4 > $TmpDir/pki-user-show-ocsp-001_10.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u4 using ${prefix}_adminV" rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-ocsp-001_10.out" rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-ocsp-001_10.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_10.out" rlAssertGrep "Email: *" "$TmpDir/pki-user-show-ocsp-001_10.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_11:--email with $ character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-012: --email with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=$ u5" \ + 0 \ + "Add user u5 using pki ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u5 > $TmpDir/pki-user-show-ocsp-001_11.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u5 using ${prefix}_adminV" rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-ocsp-001_11.out" rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-ocsp-001_11.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_11.out" rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-ocsp-001_11.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_12:--email as number 0 " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-013: --email as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --email=0 u6" \ + 0 \ + "Add user u6 using pki ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u6 > $TmpDir/pki-user-show-ocsp-001_12.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u6 using ${prefix}_adminV" rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-ocsp-001_12.out" rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-ocsp-001_12.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_12.out" rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-ocsp-001_12.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_13:--state with maximum length " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-014: --state with maximum length" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=\"$state\" u7 " \ + 0 \ + "Add user u7 using pki ${prefix}_adminV with maximum --state length" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u7 > $TmpDir/pki-user-show-ocsp-001_13.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u7 using ${prefix}_adminV" rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-ocsp-001_13.out" rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-ocsp-001_13.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_13.out" - rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ocsp-001_13.out" + actual_state_string=`cat $TmpDir/pki-user-show-ocsp-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-show-ocsp-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-show-ocsp-001_13.out" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_14:--state with maximum length and symbols " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-015: --state with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + state=$state$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state='$state' u8" \ + 0 \ + "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u8 > $TmpDir/pki-user-show-ocsp-001_14.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u8 using ${prefix}_adminV" rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-ocsp-001_14.out" rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-ocsp-001_14.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_14.out" - rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678\\#\\?*$@" "$TmpDir/pki-user-show-ocsp-001_14.out" + actual_state_string=`cat $TmpDir/pki-user-show-ocsp-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-show-ocsp-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-show-ocsp-001_14.out" + fi rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_15:--state with # character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-016: --state with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=# u9" \ + 0 \ + "Added user using ${prefix}_adminV with --state # character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u9 > $TmpDir/pki-user-show-ocsp-001_15.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u9 using ${prefix}_adminV" rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-ocsp-001_15.out" rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-ocsp-001_15.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_15.out" rlAssertGrep "State: #" "$TmpDir/pki-user-show-ocsp-001_15.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_16:--state with * character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-017: --state with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=* u10" \ + 0 \ + "Adding user using ${prefix}_adminV with --state * character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u10 > $TmpDir/pki-user-show-ocsp-001_16.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u10 using ${prefix}_adminV" rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-ocsp-001_16.out" rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-ocsp-001_16.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_16.out" rlAssertGrep "State: *" "$TmpDir/pki-user-show-ocsp-001_16.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_17:--state with $ character " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-018: --state with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=$ u11" \ + 0 \ + "Adding user using ${prefix}_adminV with --state $ character" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u11 > $TmpDir/pki-user-show-ocsp-001_17.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u11 using ${prefix}_adminV" rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-ocsp-001_17.out" rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-ocsp-001_17.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_17.out" rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-ocsp-001_17.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_18:--state as number 0 " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-019: --state as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --state=0 u12" \ + 0 \ + "Adding user using ${prefix}_adminV with --state 0" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u12 > $TmpDir/pki-user-show-ocsp-001_18.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show pki ${prefix}_adminV user" rlAssertGrep "User \"u12\"" "$TmpDir/pki-user-show-ocsp-001_18.out" rlAssertGrep "User ID: u12" "$TmpDir/pki-user-show-ocsp-001_18.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_18.out" rlAssertGrep "State: 0" "$TmpDir/pki-user-show-ocsp-001_18.out" rlPhaseEnd + #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_19:--phone with maximum length " + rlPhaseStartTest "pki_user_cli_user_show-OCSP-020: --phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=\"$phone\" u13" \ + 0 \ + "Adding user using ${prefix}_adminV with maximum --phone length" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u13 > $TmpDir/pki-user-show-ocsp-001_19.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u13 using ${prefix}_adminV" rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-ocsp-001_19.out" rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-ocsp-001_19.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_19.out" - rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-user-show-ocsp-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-ocsp-001_19.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_24:--phone as negative number -1230 " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-021: --phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --phone=-1230 u14" \ + 0 \ + "Adding user using ${prefix}_adminV with --phone as negative number -1230" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u14 > $TmpDir/pki-user-show-ocsp-001_24.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u14 using ${prefix}_adminV" rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-ocsp-001_24.out" rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-ocsp-001_24.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_24.out" rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-ocsp-001_24.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_25:--type as Auditors" + rlPhaseStartTest "pki_user_cli_user_show-OCSP-022: --type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=Auditors u15" \ + 0 \ + "Adding user using ${prefix}_adminV with --type as Auditors" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u15 > $TmpDir/pki-user-show-ocsp-001_25.out" \ 0 \ - "Show pki OCSP_adminV user" + "Show user u15 using ${prefix}_adminV" rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-ocsp-001_25.out" rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-ocsp-001_25.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_25.out" rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-ocsp-001_25.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_26:--type Certificate Manager Agents " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-023: --type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Certificate Manager Agents" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u16 > $TmpDir/pki-user-show-ocsp-001_26.out" \ 0 \ - "Show pki OCSP user" + "Show user u16 using ${prefix}_adminV" rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-ocsp-001_26.out" rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-ocsp-001_26.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_26.out" rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-ocsp-001_26.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_27:--type Registration Manager Agents " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-024: --type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Registration Manager Agents\" u17" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Registration Manager Agents" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u17 > $TmpDir/pki-user-show-ocsp-001_27.out" \ 0 \ - "Show pki OCSP user" + "Show user u17 using ${prefix}_adminV" rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-ocsp-001_27.out" rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-ocsp-001_27.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_27.out" rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-ocsp-001_27.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_28:--type Subsytem Group " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-025: --type Subsystem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Subsystem Group\" u18" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Subsystem Group" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ user-show u18 > $TmpDir/pki-user-show-ocsp-001_28.out" \ 0 \ - "Show pki OCSP user" + "Show user u18 using ${prefix}_adminV" rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-ocsp-001_28.out" rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-ocsp-001_28.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_28.out" - rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-show-ocsp-001_28.out" + rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-ocsp-001_28.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_29:--type Security Domain Administrators " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-026: --type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Security Domain Administrators\" u19" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Security Domain Administrators" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u19 > $TmpDir/pki-user-show-ocsp-001_29.out" \ 0 \ - "Show pki OCSP user" + "Show user u19 using ${prefix}_adminV" rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-ocsp-001_29.out" rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-ocsp-001_29.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_29.out" rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-ocsp-001_29.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_30:--type ClonedSubsystems " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-027: --type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=ClonedSubsystems u20" \ + 0 \ + "Adding user using ${prefix}_adminV with --type ClonedSubsystems" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u20 > $TmpDir/pki-user-show-ocsp-001_30.out" \ 0 \ - "Show pki OCSP user" + "Show user u20 using ${prefix}_adminV" rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-ocsp-001_30.out" rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-ocsp-001_30.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_30.out" rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-ocsp-001_30.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_31:--type Trusted Managers " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-028: --type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=test --type=\"Trusted Managers\" u21" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Trusted Managers" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u21 > $TmpDir/pki-user-show-ocsp-001_31.out" \ 0 \ - "Show pki OCSP user" + "Show user u21 using ${prefix}_adminV" rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-ocsp-001_31.out" rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-ocsp-001_31.out" rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-ocsp-001_31.out" rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-ocsp-001_31.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_32: Add a user to OCSP with -t option" + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-029: Show user with -t ocsp option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" u22" \ + 0 \ + "Adding user u22 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u22 > $TmpDir/pki-user-show-ocsp-001_32.out" \ 0 \ - "Show pki OCSP user" + "Show user u22 using ${prefix}_adminV" rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-ocsp-001_32.out" rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-ocsp-001_32.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001_32.out" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_33: Add a user -- all options provided" + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-030: Add a user -- all options provided" + email="ca_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + u23" \ + 0 \ + "Adding user u23 using ${prefix}_adminV" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ - -t ocsp \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ user-show u23 > $TmpDir/pki-user-show-ocsp-001_33.out" \ 0 \ - "Show pki OCSP user" - + "Show user u23 using ${prefix}_adminV" rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-ocsp-001_33.out" rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-001_33.out" rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001_33.out" @@ -415,25 +906,292 @@ run_pki-user-cli-user-show-ocsp_tests(){ rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-ocsp-001_33.out" rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ocsp-001_33.out" rlPhaseEnd + #Negative Cases - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_34: Missing required option user id " - rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + rlPhaseStartTest "pki_user_cli_user_show-OCSP-031: Missing required option user id" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show" + rlLog "Executing $command" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-032: Checking if user id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - user-show > $TmpDir/pki-user-show-ocsp-001_34.out 2>&1" \ - 1 \ - "Cannot show user without user id" - rlAssertGrep "usage: user-show <User ID>" "$TmpDir/pki-user-show-ocsp-001_34.out" + user-show U23 > $TmpDir/pki-user-show-ocsp-001_35.out 2>&1" \ + 0 \ + "User ID is not case sensitive" + rlAssertGrep "User \"U23\"" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-show-ocsp-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-033: Should not be able to show user using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-034: Should not be able to show user using a agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" rlPhaseEnd - rlPhaseStartTest "pki_user_cli_user_show-OCSP-001_35: Checking if user id case sensitive " + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-035: Should not be able to show user using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-036: Should not be able to show user using a OCSP_agentR user" + rlLog "To test error message consistency for the request pki_user_cli_user_show-OCSP-034" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t ocsp user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-037: Should not be able to show user using admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-038: Should not be able to show user using OCSP_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-039: Should not be able to show user using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-040: Should not be able to show user using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t ocsp user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u23" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u23 > $TmpDir/pki-user-show-ocsp-role_user_UTCA-002.out 2>&1" \ + 255 \ + "Should not be able to show user u23 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ocsp-role_user_UTCA-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-ocsp-042: Should not be able to show user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u13" + echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-ocsp-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-ocsp-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-043: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show \"$user_length_exceed_max\"" rlRun "pki -d $CERTDB_DIR \ - -n OCSP_adminV \ + -n ${prefix}_adminV \ -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ -t ocsp \ - user-show U23 > $TmpDir/pki-user-show-ocsp-001_35.out 2>&1" \ - 1 \ - "Cannot show user since the user id is case sensitive" - rlAssertGrep "UserNotFoundException: User U23 not found" "$TmpDir/pki-user-show-ocsp-001_35.out" + user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-ocsp-001_50.out 2>&1" \ + 255 \ + "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-ocsp-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-044: user name with i18n characters" + rlLog "user-add user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-user-show-ocsp-001_56.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u24 > $TmpDir/pki-user-show-ocsp-001_56_2.out" \ + 0 \ + "Show user name with 'ÖrjanÄke'" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-ocsp-001_56_2.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-ocsp-001_56_2.out" + rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-user-show-ocsp-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-OCSP-045: user name with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-user-show-ocsp-001_57.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-show u25 > $TmpDir/pki-user-show-ocsp-001_57_2.out" \ + 0 \ + "Show user name with 'ÉricTêko'" + rlAssertGrep "User \"u25\"" "$TmpDir/pki-user-show-ocsp-001_57_2.out" + rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-ocsp-001_57_2.out" + rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-ocsp-001_57_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users" + del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user) + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 26 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t ocsp \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-del $usr > $TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-ocsp-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" rlPhaseEnd + else + rlLog "OCSP instance is not installed" + fi } |