diff options
Diffstat (limited to 'tests/dogtag/acceptance/cli-tests/pki-user-cli/tks')
12 files changed, 13276 insertions, 0 deletions
diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh new file mode 100755 index 000000000..c925eebb8 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-add-tks.sh @@ -0,0 +1,1544 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-add Add users to pki TKS subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +#create_role_users.sh should be first executed prior to pki-user-cli-user-add-tks.sh +######################################################################## +run_pki-user-cli-user-add-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + rlPhaseStartSetup "pki_user_cli_user_add-tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + if [ "$tks_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_user_cli-configtest: pki user --help configuration test" + rlRun "pki user --help > $TmpDir/pki_user_cfg.out 2>&1" \ + 0 \ + "pki user --help" + rlAssertGrep "user-find Find users" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-show Show user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-add Add user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-mod Modify user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-del Remove user" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-cert User certificate management commands" "$TmpDir/pki_user_cfg.out" + rlAssertGrep "user-membership User membership management commands" "$TmpDir/pki_user_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-configtest: pki user-add configuration test" + rlRun "pki user-add --help > $TmpDir/pki_user_add_cfg.out 2>&1" \ + 0 \ + "pki user-add --help" + rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--email <email> Email" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--fullName <fullName> Full name" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--password <password> Password" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--phone <phone> Phone" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--state <state> State" "$TmpDir/pki_user_add_cfg.out" + rlAssertGrep "\--type <type> Type" "$TmpDir/pki_user_add_cfg.out" + rlPhaseEnd + + ##### Tests to add TKS users using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_user_cli_user_add-TKS-001: Add a user to TKS using TKS_adminV" + user1=tks_agent2 + user1fullname="Test tks_agent" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -t tks -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-001.out" 0 "Add user $user1 to TKS_adminV" + rlAssertGrep "Added user \"$user1\"" "$TmpDir/pki-user-add-tks-001.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-add-tks-001.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-tks-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-002:maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlLog "user2=$user2" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-tks-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + actual_userid_string=`cat $TmpDir/pki-user-add-tks-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-003:User id with # character" + user3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user3 > $TmpDir/pki-user-add-tks-001_2.out" \ + 0 \ + "Added user using ${prefix}_adminV, user id with # character" + rlAssertGrep "Added user \"$user3\"" "$TmpDir/pki-user-add-tks-001_2.out" + rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-add-tks-001_2.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-004:User id with $ character" + user4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user4 > $TmpDir/pki-user-add-tks-001_3.out" \ + 0 \ + "Added user using ${prefix}_adminV, user id with $ character" + rlAssertGrep "Added user \"$user4\"" "$TmpDir/pki-user-add-tks-001_3.out" + rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-add-tks-001_3.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-005:User id with @ character" + user5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user5 > $TmpDir/pki-user-add-tks-001_4.out " \ + 0 \ + "Added user using ${prefix}_adminV, user id with @ character" + rlAssertGrep "Added user \"$user5\"" "$TmpDir/pki-user-add-tks-001_4.out" + rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-add-tks-001_4.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-006:User id with ? character" + user6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user6 > $TmpDir/pki-user-add-tks-001_5.out " \ + 0 \ + "Added user using ${prefix}_adminV, user id with ? character" + rlAssertGrep "Added user \"$user6\"" "$TmpDir/pki-user-add-tks-001_5.out" + rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-add-tks-001_5.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-007:User id as 0" + user7=0 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user7 > $TmpDir/pki-user-add-tks-001_6.out " \ + 0 \ + "Added user using ${prefix}_adminV, user id 0" + rlAssertGrep "Added user \"$user7\"" "$TmpDir/pki-user-add-tks-001_6.out" + rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-add-tks-001_6.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-008:--email with maximum length" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=\"$email\" u1 > $TmpDir/pki-user-add-tks-001_7.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length" + rlAssertGrep "Added user \"u1\"" "$TmpDir/pki-user-add-tks-001_7.out" + rlAssertGrep "User ID: u1" "$TmpDir/pki-user-add-tks-001_7.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_7.out" + actual_email_string=`cat $TmpDir/pki-user-add-tks-001_7.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-009:--email with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + email=$email$specialcharacters + rlLog "email=$email" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email='$email' u2 > $TmpDir/pki-user-add-tks-001_8.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length and character symbols in it" + rlAssertGrep "Added user \"u2\"" "$TmpDir/pki-user-add-tks-001_8.out" + rlAssertGrep "User ID: u2" "$TmpDir/pki-user-add-tks-001_8.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_8.out" + actual_email_string=`cat $TmpDir/pki-user-add-tks-001_8.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-010:--email with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=# u3 > $TmpDir/pki-user-add-tks-001_9.out" \ + 0 \ + "Added user using ${prefix}_adminV with --email # character" + rlAssertGrep "Added user \"u3\"" "$TmpDir/pki-user-add-tks-001_9.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-user-add-tks-001_9.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_9.out" + rlAssertGrep "Email: #" "$TmpDir/pki-user-add-tks-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-011:--email with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=* u4 > $TmpDir/pki-user-add-tks-001_10.out" \ + 0 \ + "Added user using ${prefix}_adminV with --email * character" + rlAssertGrep "Added user \"u4\"" "$TmpDir/pki-user-add-tks-001_10.out" + rlAssertGrep "User ID: u4" "$TmpDir/pki-user-add-tks-001_10.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_10.out" + rlAssertGrep "Email: *" "$TmpDir/pki-user-add-tks-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-012:--email with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=$ u5 > $TmpDir/pki-user-add-tks-001_11.out" \ + 0 \ + "Added user using ${prefix}_adminV with --email $ character" + rlAssertGrep "Added user \"u5\"" "$TmpDir/pki-user-add-tks-001_11.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-user-add-tks-001_11.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_11.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-user-add-tks-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-013:--email as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=0 u6 > $TmpDir/pki-user-add-tks-001_12.out " \ + 0 \ + "Added user using ${prefix}_adminV with --email 0" + rlAssertGrep "Added user \"u6\"" "$TmpDir/pki-user-add-tks-001_12.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-user-add-tks-001_12.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_12.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-user-add-tks-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-014:--state with maximum length" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=\"$state\" u7 > $TmpDir/pki-user-add-tks-001_13.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --state length" + rlAssertGrep "Added user \"u7\"" "$TmpDir/pki-user-add-tks-001_13.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-user-add-tks-001_13.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_13.out" + actual_state_string=`cat $TmpDir/pki-user-add-tks-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-add-tks-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-add-tks-001_13.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-015:--state with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + state=$state$specialcharacters + rlLog "state=$state" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=test --state='$state' u8 > $TmpDir/pki-user-add-tks-001_14.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --state length and character symbols in it" + rlAssertGrep "Added user \"u8\"" "$TmpDir/pki-user-add-tks-001_14.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-user-add-tks-001_14.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_14.out" + actual_state_string=`cat $TmpDir/pki-user-add-tks-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-add-tks-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-add-tks-001_14.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-016:--state with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=test --state=# u9 > $TmpDir/pki-user-add-tks-001_15.out" \ + 0 \ + "Added user using ${prefix}_adminV with --state # character" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tks-001_15.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tks-001_15.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_15.out" + rlAssertGrep "State: #" "$TmpDir/pki-user-add-tks-001_15.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-017:--state with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=* u10 > $TmpDir/pki-user-add-tks-001_16.out" \ + 0 \ + "Added user using ${prefix}_adminV with --state * character" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-tks-001_16.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-tks-001_16.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_16.out" + rlAssertGrep "State: *" "$TmpDir/pki-user-add-tks-001_16.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-018:--state with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=$ u11 > $TmpDir/pki-user-add-tks-001_17.out" \ + 0 \ + "Added user using ${prefix}_adminV with --state $ character" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-tks-001_17.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-tks-001_17.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_17.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-user-add-tks-001_17.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-019:--state as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=0 u12 > $TmpDir/pki-user-add-tks-001_18.out " \ + 0 \ + "Added user using ${prefix}_adminV with --state 0" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-add-tks-001_18.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-user-add-tks-001_18.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_18.out" + rlAssertGrep "State: 0" "$TmpDir/pki-user-add-tks-001_18.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-020:--phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=\"$phone\" u13 > $TmpDir/pki-user-add-tks-001_19.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --phone length" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-user-add-tks-001_19.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-user-add-tks-001_19.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tks-001_19.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-021:--phone with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + phone=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + phone=$state$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone='$phone' usr1 > $TmpDir/pki-user-add-tks-001_20.out 2>&1"\ + 255 \ + "Should not be able to add user using ${prefix}_adminV with maximum --phone with character symbols in it" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_20.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_20.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-022:--phone with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=# usr2 > $TmpDir/pki-user-add-tks-001_21.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character #" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_21.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_21.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-023:--phone with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=* usr3 > $TmpDir/pki-user-add-tks-001_22.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character *" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_22.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_22.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-024:--phone with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=$ usr4 > $TmpDir/pki-user-add-tks-001_23.out 2>&1" \ + 255 \ + "Should not be able to add user using ${prefix}_adminV --phone with character $" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_23.out" + rlAssertNotGrep "PKIException: LDAP error (21): error result" "$TmpDir/pki-user-add-tks-001_23.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/833#comment:1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-025:--phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=-1230 u14 > $TmpDir/pki-user-add-tks-001_24.out " \ + 0 \ + "Added user using ${prefix}_adminV with --phone -1230" + rlAssertGrep "Added user \"u14\"" "$TmpDir/pki-user-add-tks-001_24.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-user-add-tks-001_24.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_24.out" + rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-add-tks-001_24.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-026:--type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=Auditors u15 > $TmpDir/pki-user-add-tks-001_25.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Auditors" + rlAssertGrep "Added user \"u15\"" "$TmpDir/pki-user-add-tks-001_25.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-user-add-tks-001_25.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_25.out" + rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-add-tks-001_25.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-027:--type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Certificate Manager Agents\" u16 > $TmpDir/pki-user-add-tks-001_26.out" \ + 0 \ + "Added user using ${prefix}_adminV --type Certificate Manager Agents" + rlAssertGrep "Added user \"u16\"" "$TmpDir/pki-user-add-tks-001_26.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-user-add-tks-001_26.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_26.out" + rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-add-tks-001_26.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-028:--type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Registration Manager Agents\" u17 > $TmpDir/pki-user-add-tks-001_27.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Registration Manager Agents" + rlAssertGrep "Added user \"u17\"" "$TmpDir/pki-user-add-tks-001_27.out" + rlAssertGrep "User ID: u17" "$TmpDir/pki-user-add-tks-001_27.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_27.out" + rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-add-tks-001_27.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-029:--type Subsytem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Subsytem Group\" u18 > $TmpDir/pki-user-add-tks-001_28.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Subsytem Group" + rlAssertGrep "Added user \"u18\"" "$TmpDir/pki-user-add-tks-001_28.out" + rlAssertGrep "User ID: u18" "$TmpDir/pki-user-add-tks-001_28.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_28.out" + rlAssertGrep "Type: Subsytem Group" "$TmpDir/pki-user-add-tks-001_28.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-030:--type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Security Domain Administrators\" u19 > $TmpDir/pki-user-add-tks-001_29.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Security Domain Administrators" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tks-001_29.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tks-001_29.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_29.out" + rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-add-tks-001_29.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-031:--type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=ClonedSubsystems u20 > $TmpDir/pki-user-add-tks-001_30.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type ClonedSubsystems" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-tks-001_30.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-tks-001_30.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_30.out" + rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-add-tks-001_30.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-032:--type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Trusted Managers\" u21 > $TmpDir/pki-user-add-tks-001_31.out" \ + 0 \ + "Added user using ${prefix}_adminV with --type Trusted Managers" + rlAssertGrep "Added user \"u21\"" "$TmpDir/pki-user-add-tks-001_31.out" + rlAssertGrep "User ID: u21" "$TmpDir/pki-user-add-tks-001_31.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_31.out" + rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-add-tks-001_31.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-033:--type Dummy Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Dummy Group\" u25 > $TmpDir/pki-user-add-tks-001_33.out 2>&1 " \ + 1,255 \ + "Adding user using ${prefix}_adminV with --type Dummy Group" + rlAssertNotGrep "Added user \"u25\"" "$TmpDir/pki-user-add-tks-001_33.out" + rlAssertNotGrep "User ID: u25" "$TmpDir/pki-user-add-tks-001_33.out" + rlAssertNotGrep "Full name: test" "$TmpDir/pki-user-add-tks-001_33.out" + rlAssertNotGrep "Type: Dummy Group" "$TmpDir/pki-user-add-tks-001_33.out" + rlAssertGrep "ClientResponseFailure: Error status 4XX" "$TmpDir/pki-user-add-tks-001_33.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/704" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-034: Add a duplicate user to TKS" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"New user\" $user1 > $TmpDir/pki-user-add-tks-002.out 2>&1 " + + expmsg="ConflictingOperationException: Entry already exists." + rlRun "$command" 255 "Add duplicate user" + rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-tks-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-036: Add a user -- missing required option user id" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" > $TmpDir/pki-user-add-tks-004.out" \ + 255 \ + "Add user -- missing required option user id" + rlAssertGrep "usage: user-add <User ID> --fullName <fullname> \[OPTIONS...\]" "$TmpDir/pki-user-add-tks-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-037: Add a user -- missing required option --fullName" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add $user1 > $TmpDir/pki-user-add-tks-005.out 2>&1" + errmsg="Error: Missing required option: fullName" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add a user -- missing required option --fullName" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-038: Add a user -- all options provided" + email="tks_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + u23" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + u23 > $TmpDir/pki-user-add-tks-006_1.out" \ + 0 \ + "Add user u23 to TKS -- all options provided" + rlAssertGrep "Added user \"u23\"" "$TmpDir/pki-user-add-tks-006_1.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-add-tks-006_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-add-tks-006_1.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-tks-006_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tks-006_1.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-user-add-tks-006_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-add-tks-006_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-039: Add user to multiple groups" + user=u24 + userfullname="Multiple Group User" + email="multiplegroup@myemail.com" + user_password="admin2Password" + phone="1234567890" + state="NC" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$userfullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + $user > $TmpDir/pki-user-add-tks-006.out " \ + 0 \ + "Add user $user using ${prefix}_adminV" + rlAssertGrep "Added user \"u24\"" "$TmpDir/pki-user-add-tks-006.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-add-tks-006.out" + rlAssertGrep "Full name: $userfullname" "$TmpDir/pki-user-add-tks-006.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-user-add-tks-006.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-add-tks-006.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-add-tks-006.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-add Administrators $user > $TmpDir/pki-user-add-tks-007_1.out" \ + 0 \ + "Add user $user to Administrators group" + + rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-tks-007_1.out" + rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tks-007_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-find Administrators > $TmpDir/pki-user-add-tks-007.out" \ + 0 \ + "Show pki group-member-find Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-add \"Token Key Service Manager Agents\" $user > $TmpDir/pki-user-add-tks-007_1_1.out" \ + 0 \ + "Add user $user to Token Key Service Manager Agents" + + rlAssertGrep "Added group member \"$user\"" "$TmpDir/pki-user-add-tks-007_1_1.out" + rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tks-007_1_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-find \"Token Key Service Manager Agents\" > $TmpDir/pki-user-add-tks-007_2.out" \ + 0 \ + "Show pki group-member-find Token Key Service Manager Agents" + + rlAssertGrep "User: $user" "$TmpDir/pki-user-add-tks-007_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-040: Add user with --password less than 8 characters" + userpw="pass" + expmsg="PKIException: The password must be at least 8 characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" --password=$userpw $user1 > $TmpDir/pki-user-add-tks-008.out 2>&1" \ + 255 \ + "Add a user --must be at least 8 characters --password" + rlAssertGrep "$expmsg" "$TmpDir/pki-user-add-tks-008.out" + rlPhaseEnd + + ##### Tests to add users using revoked cert##### + rlPhaseStartTest "pki_user_cli_user_add-TKS-041: Should not be able to add user using a revoked cert TKS_adminR" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-revoke-adminR-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a user having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-revoke-adminR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-042: Should not be able to add user using a agent with revoked cert TKS_agentR" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-revoke-agentR-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a user having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-revoke-agentR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + + ##### Tests to add users using an agent user##### + rlPhaseStartTest "pki_user_cli_user_add-TKS-043: Should not be able to add user using a valid agent TKS_agentV user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-agentV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-agentV-002.out" + rlPhaseEnd + + ##### Tests to add users using CA_agentUTCA user's certificate will be issued by an untrusted CA ##### + rlPhaseStartTest "pki_user_cli_user_add-TKS-044: Should not be able to add user using a TKS_agentUTCA user" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-agentUTCA-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-agentUTCA-002.out" + rlPhaseEnd + + ##### Tests to add users using expired cert##### + rlPhaseStartTest "pki_user_cli_user_add-TKS-045: Should not be able to add user using admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-adminE-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using an expired admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-adminE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tks-adminE-002.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-046: Should not be able to add user using TKS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-agentE-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a agent cert" + rlAssertGrep "ClientResponseFailure: Error status 401 Unauthorized returned" "$TmpDir/pki-user-add-tks-agentE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tks-agentE-002.out" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to add users using audit users##### + rlPhaseStartTest "pki_user_cli_user_add-TKS-047: Should not be able to add user using a TKS_auditV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-auditV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a audit cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-auditV-002.out" + rlPhaseEnd + + + ##### Tests to add users using operator user### + rlPhaseStartTest "pki_user_cli_user_add-TKS-048: Should not be able to add user using a TKS_operatorV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-operatorV-002.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a operator cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-operatorV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-049: Should not be able to add user using a cert created from a untrusted TKS TKS_adminUTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1 > $TmpDir/pki-user-add-tks-adminUTCA-003.out 2>&1" \ + 255 \ + "Should not be able to add user $user1 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-adminUTCA-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-050: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 80000 | strings | grep -io [[:alnum:]] | head -n 10000 | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test \"$user_length_exceed_max\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test \"$user_length_exceed_max\" > $TmpDir/pki-user-add-tks-001_50.out 2>&1" \ + 255 \ + "Adding user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertNotGrep "ClientResponseFailure: Error status 500 Internal Server Error returned" "$TmpDir/pki-user-add-tks-001_50.out" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-add-tks-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-051: fullname with i18n characters" + rlLog "user-add fullname Örjan Äke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Örjan Äke' u26 > $TmpDir/pki-user-add-tks-001_51.out 2>&1" \ + 0 \ + "Adding u26 with full name Örjan Äke" + rlAssertGrep "Added user \"u26\"" "$TmpDir/pki-user-add-tks-001_51.out" + rlAssertGrep "User ID: u26" "$TmpDir/pki-user-add-tks-001_51.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-add-tks-001_51.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-052: fullname with i18n characters" + rlLog "user-add fullname Éric Têko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u27 > $TmpDir/pki-user-add-tks-001_52.out 2>&1" \ + 0 \ + "Adding u27 with full Éric Têko" + rlAssertGrep "Added user \"u27\"" "$TmpDir/pki-user-add-tks-001_52.out" + rlAssertGrep "User ID: u27" "$TmpDir/pki-user-add-tks-001_52.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-add-tks-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-053: fullname with i18n characters" + rlLog "user-add fullname éénentwintig dvidešimt with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='éénentwintig dvidešimt' u28 > $TmpDir/pki-user-add-tks-001_53.out 2>&1" \ + 0 \ + "Adding fullname éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added user \"u28\"" "$TmpDir/pki-user-add-tks-001_53.out" + rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-tks-001_53.out" + rlAssertGrep "User ID: u28" "$TmpDir/pki-user-add-tks-001_53.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u28 > $TmpDir/pki-user-add-tks-001_53_2.out 2>&1" \ + 0 \ + "Show user u28 with fullname éénentwintig dvidešimt in i18n characters" + rlAssertGrep "User \"u28\"" "$TmpDir/pki-user-add-tks-001_53_2.out" + rlAssertGrep "Full name: éénentwintig dvidešimt" "$TmpDir/pki-user-add-tks-001_53_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-054: fullname with i18n characters" + rlLog "user-add fullname kakskümmend üks with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='kakskümmend üks' u29 > $TmpDir/pki-user-add-tks-001_54.out 2>&1" \ + 0 \ + "Adding fillname kakskümmend üks with i18n characters" + rlAssertGrep "Added user \"u29\"" "$TmpDir/pki-user-add-tks-001_54.out" + rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-tks-001_54.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u29 > $TmpDir/pki-user-add-tks-001_54_2.out" \ + 0 \ + "Show user u29 with fullname kakskümmend üks in i18n characters" + rlAssertGrep "User \"u29\"" "$TmpDir/pki-user-add-tks-001_54_2.out" + rlAssertGrep "Full name: kakskümmend üks" "$TmpDir/pki-user-add-tks-001_54_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-055: fullname with i18n characters" + rlLog "user-add fullname двадцять один тридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='двадцять один тридцять' u30 > $TmpDir/pki-user-add-tks-001_55.out 2>&1" \ + 0 \ + "Adding fillname двадцять один тридцять with i18n characters" + rlAssertGrep "Added user \"u30\"" "$TmpDir/pki-user-add-tks-001_55.out" + rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-tks-001_55.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u30 > $TmpDir/pki-user-add-tks-001_55_2.out" \ + 0 \ + "Show user u30 with fullname двадцять один тридцять in i18n characters" + rlAssertGrep "User \"u30\"" "$TmpDir/pki-user-add-tks-001_55_2.out" + rlAssertGrep "Full name: двадцять один тридцять" "$TmpDir/pki-user-add-tks-001_55_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-056: user id with i18n characters" + rlLog "user-add userid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test 'ÖrjanÄke'" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test 'ÖrjanÄke'" + errmsg="IncorrectUserIdException" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding uid ÖrjanÄke with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-057: userid with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test 'ÉricTêko'" + command="pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test 'ÉricTêko'" + errmsg="IncorrectUserIdException" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user id ÉricTêko with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-058: email address with i18n characters" + rlLog "user-add email address negyvenkettő@qetestsdomain.com with i18n characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tks user-add --fullName=test --email='negyvenkettő@qetestsdomain.com' u31" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email negyvenkettő@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-059: email address with i18n characters" + rlLog "user-add email address četrdesmitdivi@qetestsdomain.com with i18n characters" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test --email='četrdesmitdivi@qetestsdomain.com' u32" + rlLog "Executing $command" + errmsg="IncorrectPasswordException: Incorrect client security database password." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding email četrdesmitdivi@qetestsdomain.com with i18n characters" + rlLog "PKI Ticket :: https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-060: password with i18n characters" + rlLog "user-add password šimtaskolmkümmend with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --password='šimtaskolmkümmend' u31 > $TmpDir/pki-user-add-tks-001_60.out 2>&1" \ + 0 \ + "Adding password šimtaskolmkümmend with i18n characters" + rlAssertGrep "Added user \"u31\"" "$TmpDir/pki-user-add-tks-001_60.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u31 > $TmpDir/pki-user-add-tks-001_60_2.out" \ + 0 \ + "Show user u31 with password šimtaskolmkümmend in i18n characters" + rlAssertGrep "User \"u31\"" "$TmpDir/pki-user-add-tks-001_60_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-061: password with i18n characters" + rlLog "user-add password двадцяттридцять with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --password='двадцяттридцять' u32 > $TmpDir/pki-user-add-tks-001_61.out 2>&1" \ + 0 \ + "Adding password двадцяттридцять with i18n characters" + rlAssertGrep "Added user \"u32\"" "$TmpDir/pki-user-add-tks-001_61.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u32 > $TmpDir/pki-user-add-tks-001_61_2.out" \ + 0 \ + "Show user u32 with password двадцяттридцять in i18n characters" + rlAssertGrep "User \"u32\"" "$TmpDir/pki-user-add-tks-001_61_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-062: type with i18n characters" + rlLog "user-add type tjugo-tvåhetvenhét with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type='tjugo-tvåhetvenhét' u33 > $TmpDir/pki-user-add-tks-001_62.out 2>&1" \ + 0 \ + "Adding type tjugo-tvåhetvenhét with i18n characters" + rlAssertGrep "Added user \"u33\"" "$TmpDir/pki-user-add-tks-001_62.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-tks-001_62.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u33 > $TmpDir/pki-user-add-tks-001_62_2.out" \ + 0 \ + "Show user u33 with type tjugo-tvåhetvenhét in i18n characters" + rlAssertGrep "User \"u33\"" "$TmpDir/pki-user-add-tks-001_62_2.out" + rlAssertGrep "Type: tjugo-tvåhetvenhét" "$TmpDir/pki-user-add-tks-001_62_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-063: type with i18n characters" + rlLog "user-add type мiльйонтридцять with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type='мiльйонтридцять' u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type='мiльйонтридцять' u34 > $TmpDir/pki-user-add-tks-001_63.out 2>&1" \ + 0 \ + "Adding type мiльйонтридцять with i18n characters" + rlAssertGrep "Added user \"u34\"" "$TmpDir/pki-user-add-tks-001_63.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-tks-001_63.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u34" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u34 > $TmpDir/pki-user-add-tks-001_63_2.out" \ + 0 \ + "Show user u34 with type мiльйонтридцять in i18n characters" + rlAssertGrep "User \"u34\"" "$TmpDir/pki-user-add-tks-001_63_2.out" + rlAssertGrep "Type: мiльйонтридцять" "$TmpDir/pki-user-add-tks-001_63_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-064: state with i18n characters" + rlLog "user-add state čå with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state='čå' u35 > $TmpDir/pki-user-add-tks-001_64.out 2>&1" \ + 0 \ + "Adding state 'čå' with i18n characters" + rlAssertGrep "Added user \"u35\"" "$TmpDir/pki-user-add-tks-001_64.out" + rlAssertGrep "State: čå" "$TmpDir/pki-user-add-tks-001_64.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u35 > $TmpDir/pki-user-add-tks-001_64_2.out" \ + 0 \ + "Show user u35 with state čå in i18n characters" + rlAssertGrep "User \"u35\"" "$TmpDir/pki-user-add-tks-001_64_2.out" + rlAssertGrep "State: čå" "$TmpDir/pki-user-add-tks-001_64_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-065: state with i18n characters" + rlLog "user-add state йč with i18n characters" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state='йč' u36 > $TmpDir/pki-user-add-tks-001_65.out 2>&1" \ + 0 \ + "Adding state 'йč' with i18n characters" + rlAssertGrep "Added user \"u36\"" "$TmpDir/pki-user-add-tks-001_65.out" + rlAssertGrep "State: йč" "$TmpDir/pki-user-add-tks-001_65.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u36 > $TmpDir/pki-user-add-tks-001_65_2.out" \ + 0 \ + "Show user u36 with state йč in i18n characters" + rlAssertGrep "User \"u36\"" "$TmpDir/pki-user-add-tks-001_65_2.out" + rlAssertGrep "State: йč" "$TmpDir/pki-user-add-tks-001_65_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-066: Should not be able to add user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlLog "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" \"US\" \"--\" \"ret_reqstatus\" \"ret_requestid\" \"$CA_HOST\" \"$(eval echo \$${caId}_UNSECURE_PORT)\" " 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user u39" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$$subsystemId{}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-add-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to add users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-add-tks-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-067: Should not be able to add user using Normal user credential" + local pki_user="idm1_user_1" + local pki_user_fullName="Idm1 User 1" + local pki_pwd="Secret123" + rlLog "Create user $pki_user" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add $pki_user \ + --fullName \"$pki_user_fullName\" \ + --password $pki_pwd" 0 "Create $pki_user User" + local TEMP_NSS_DB="$TmpDir/nssdb" + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + -t tks \ + user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $pki_user \ + -w $pki_pwd \ + -t tks \ + user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authentication method not allowed." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_add-TKS-068: Should not be able to add user using invalid user credential" + local invalid_pki_user=test1 + local invalid_pki_user_pwd=Secret123 + rlLog "Executing: pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $invalid_pki_user \ + -w $invalid_pki_user_pwd \ + -t tks \ + user-add --fullName=test_user u39" + command="pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -u $invalid_pki_user \ + -w $invalid_pki_user_pwd \ + -t tks \ + user-add --fullName=test_user u39" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Adding user using Normal user credential" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_cleanup: Deleting users" + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 37 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del '$usr' > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + actual_delete_user_string=`cat $TmpDir/pki-user-del-tks-user-symbol-00$j.out | grep 'Deleted user' | xargs echo` + expected_delete_user_string="Deleted user $usr" + if [[ $actual_delete_user_string = $expected_delete_user_string ]] ; then + rlPass "Deleted user \"$usr\" found in $TmpDir/pki-user-del-tks-user-symbol-00$j.out" + else + rlFail "Deleted user \"$usr\" not found in $TmpDir/pki-user-del-tks-user-symbol-00$j.out" + fi + let j=$j+1 + done + #Deleting user idm_user_1 + local pki_user="idm1_user_1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del $pki_user > $TmpDir/pki-user-del-user-tks-2_1.out" \ + 0 \ + "Deleted user $pki_user" + rlAssertGrep "Deleted user \"$pki_user\"" "$TmpDir/pki-user-del-user-tks-2_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance not created." + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh new file mode 100755 index 000000000..97cda8141 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-add-tks.sh @@ -0,0 +1,2400 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-add-tks Add certs to users in the pki tks subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-add-tks.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-add-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + rlPhaseStartSetup "pki_user_cli_user_cert-add-tks-startup: Create temporary directory and initializing host/port variables" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) + +local cert_info="$TmpDir/cert_info" +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ca_admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) +ROOTCA_agent_user=${caId}_agentV + + ##### Tests to add certs to TKS users #### + + ##### Add one cert to a user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-002: Add one cert to a user should succeed" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user2fullname\" $user2" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_002pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_002crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_002crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_002crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $user2" + rlPhaseEnd + +##### Add multiple certs to a user ##### + + rlPhaseStartTest "pki_user_cli_user_cert-add-tks-003: Add multiple certs to a user should succeed" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_003pkcs10$i.out > $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003pkcs10$i.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" \ + 0 \ + "PKCS10 Cert is added to the user $user1" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003pkcs10$i.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_003crmf$i.out > $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_add_validcert_003crmf$i.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out 2>&1" \ + 0 \ + "CRMF Cert is added to the user $user1" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_003crmf$i.out" + + let i=$i+1 + done + rlPhaseEnd + + ##### Add expired cert to a user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-004: Adding expired cert to a user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user2fullname\" $user2" + local validityperiod="1 day" + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:pkcs10 algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + local cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + local cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_004pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_004pkcs10.out > $TmpDir/pki_tks_user_cert_add_expiredcert_004pkcs10.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_expiredcert_004pkcs10.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + + rlLog "Generate cert with validity period of $validityperiod" + rlRun "generate_modified_cert validity_period:\"$validityperiod\" tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD \ + req_type:crmf algo:rsa key_size:2048 cn: uid: email: ou: org: country: archive:false host:$CA_HOST port:$CA_PORT profile: \ + cert_db:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD admin_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info expect_data:$exp" + cert_end_date=$(cat $cert_info| grep cert_end_date | cut -d- -f2) + cur_date=$(date) # Save current date + rlLog "Date & Time before Modifying system date: $cur_date" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlRun "chronyc -a -m 'offline' 'settime $cert_end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_004crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_004crmf.out > $TmpDir/pki_tks_user_cert_add_expiredcert_004crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_expiredcert_004crmf.pem" + errmsg="BadRequestException: Certificate expired" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding an expired cert to a user should fail" + rlLog "Set the date back to it's original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after running chrony: $(date)" + +rlPhaseEnd + +#### Add a revoked cert to a user ### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-005: Add revoked cert to a user should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_005pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_005pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + cert-revoke $valid_pkcs10_serialNumber --force > $TmpDir/pki_tks_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_005crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_005crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_005crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n \"$ca_admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + cert-revoke $valid_crmf_serialNumber --force > $TmpDir/pki_tks_user_cert_add_revokecert_005pkcs10.out" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_user_cert_add-CA_validcert_005crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_005crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_005crmf.out" + +rlPhaseEnd + + ##### Add one cert to a user - User ID missing ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-006: Add one cert to a user should fail when USER ID is missing" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_006pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_006pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_006pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_006crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_006crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_006crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_006pkcs10.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_006crmf.pem" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - USER ID missing" +rlPhaseEnd + + ##### Add one cert to a user - --input parameter missing ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-007: Add one cert to a user should fail when --input parameter is missing" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New User1\" u1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $user2" + errmsg="Error: Missing input file or serial number." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input parameter missing" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del u1" +rlPhaseEnd + +##### Add one cert to a user - argument for --input parameter missing ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-008: Add one cert to a user should fail when argument for the --input param is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input" + errmsg="Error: Missing argument for option: input" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Argument for input parameter is missing" +rlPhaseEnd + + ##### Add one cert to a user - Invalid cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-009: Add one cert to a user should fail when the cert is invalid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on pkcs10 request" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_009pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_009pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD myreq_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: subject_ou: org: country: archive:false \ + req_profile: target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" 0 "Generate certificate based on crmf request" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_009crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_009crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem" + + rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_009pkcs10.pem" + errmsg="PKIException: Certificate exception" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" + + rlRun "sed -i -e 's/-----BEGIN CERTIFICATE-----/BEGIN CERTIFICATE-----/g' $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_009crmf.pem" + errmsg="PKIException: Certificate exception" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Invalid Certificate cannot be added to a user" +rlPhaseEnd + + ##### Add one cert to a user - Input file does not exist ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0010: Add one cert to a user should fail when Input file does not exist " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $user2 --input $TmpDir/tempfile.pem" + errmsg="FileNotFoundException: File '$TmpDir/tempfile.pem' does not exist" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Input file does not exist" +rlPhaseEnd + + ##### Add one cert to a user - i18n characters in the Subject name of the cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0011: Add one cert to a user - Should be able to add certs with i18n characters in the Subject name of the cert" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0011pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0011pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0011crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0011crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_add_validcert_0011crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user2@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0011crmf.out" +rlPhaseEnd + +##### Add one cert to a user - User type 'Auditors' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0012: Add cert to a user of type 'Auditors'" + local userid="Auditor_user" + local userFullname="Auditor User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=Auditors $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0012pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0012pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0012crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0012crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0012crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0012crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Certificate Manager Agents' ##### +rlPhaseStartTest "pki_user_cli_tks_user_cert-add-tks-0013: Add cert to a user of type 'Certificate Manager Agents'" + local userid="Certificate_Manager_Agents" + local userFullname="Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=\"Certificate Manager Agents\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0013pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0013pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0013crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0013crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0013crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0013crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Registration Manager Agents' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0014: Add cert to a user of type 'Registration Manager Agents'" + local userid="Registration_Manager_Agent_user" + local userFullname="Registration Manager Agent User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=\"Registration Manager Agents\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0014pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0014pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0014crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0014crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0014crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0014crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Subsystem Group' ##### +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0015: Add cert to a user of type 'Subsystem Group'" + local userid="Subsystem_group_user" + local userFullname="Subsystem Group User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=\"Subsystem Group\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0015pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0015pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0015crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0015crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0015crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out 2>&1" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0015crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Security Domain Administrators' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0016: Add cert to a user of type 'Security Domain Administrators'" + local userid="Security_Domain_Administrators_user" + local userFullname="Security Domain Administrators User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=\"Security Domain Administrators\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0016pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0016pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0016crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0016crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0016crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0016crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'ClonedSubsystems' ##### +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0017: Add cert to a user of type 'ClonedSubsystems'" + local userid="ClonedSubsystems_user" + local userFullname="ClonedSubsystems User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=\"ClonedSubsystems\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0017pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0017pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0017crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0017crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0017crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0017crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Add one cert to a user - User type 'Trusted Managers' ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0018: Add cert to a user of type 'Trusted Managers'" + local userid="Trusted_Managers_user" + local userFullname="Trusted Managers User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" --type=\"Trusted Managers\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0018pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0018pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$userFullname\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0018crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0018crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0018crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$userFullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0018crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +##### Usability Tests ##### + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user ##### + +rlPhaseStartTest "pki_tks_user_cli_tks_user_cert-add-0019: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add Administrators admin_user > $TmpDir/pki-tks-user-add-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add Administrators admin_user1 > $TmpDir/pki-tks-user-add-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlAssertGrep "Subject: UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019pkcs10.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tks_user_cert_add_validcert_0019pkcs10.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tks_user_cert_add_useradd_0019.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tks_user_cert_add_useradd_0019.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem > $TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlAssertGrep "Subject: UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0019crmf.out" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tks_user_cert_add_validcert_0019crmf.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tks_user_cert_add_useradd_0019crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-del Administrators admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-del Administrators admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del admin_user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del new_test_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del new_test_user2" +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid agent user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-TKS-0020: Adding a cert as a TKS agent user should fail" + local userid="new_user1" + local userFullname="New User1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0021pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0021pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0021crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0021crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0021crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0021pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as valid TKS agent user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0021crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a valid TKS agent user" + +rlPhaseEnd + +##### Add one cert to a user - authenticating as a valid auditor user ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0021: Adding a cert as valid TKS auditor user should fail" + local userid="new_user2" + local userFullname="New User2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0022pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0022pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0022crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0022crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0022pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as a TKS auditor user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0022crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as " +rlPhaseEnd + +##### Add one cert to a user - authenticating as an admin user with expired cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0022: Adding a cert as TKS_adminE should fail" + local userid="new_user3" + local userFullname="New User3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0023pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0023pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0023pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0023crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0023crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0023crmf.pem" + + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0023pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user authenticating using an expired admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0023crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an expired admin cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" +rlPhaseEnd + +##### Adding a cert as an admin user with revoked cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0023: Adding a cert as an admin user with revoked cert should fail" + local userid="new_user4" + local userFullname="New User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0024pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0024pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0024pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0024crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0024crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0024crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0024pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0024crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as admin user with revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +##### Adding a cert as an agent user with revoked cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0024: Adding a cert as an agent user with revoked cert should fail" + local userid="new_user5" + local userFullname="New User5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0025pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0025pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0025crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0025crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0025crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0025pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0025crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + + ##### Adding a cert as an agent user with expired cert ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0025: Adding a cert as agent user with expired cert should fail" + local userid="new_user6" + local userFullname="New User6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0026pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0026pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0026pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0026crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0026crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0026crmf.pem" + + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0026pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0026crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as an agent user with expired cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" +rlPhaseEnd + +##### Adding a cert as role_user_UTCA ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0026: Adding a cert as role_user_UTCA should fail" + local userid="new_user7" + local userFullname="New User7" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $TKS_HOST -p $TKS_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0027pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0027pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0027pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $TKS_HOST -p $TKS_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0027crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0027crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0027crmf.pem" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0027pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_adminUTCA" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0027crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_adminUTCA" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +##### Adding a cert as TKS_agentUTCA ##### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0027: Adding a cert as TKS_agentUTCA should fail" + local userid="new_user9" + local userFullname="New User9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0028pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0028pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0028pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0028crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0028crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0028crmf.pem" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0028pkcs10.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_agentUTCA" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0028crmf.pem" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user TKS_agentUTCA" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +##### Adding a cert as an TKS_operatorV ##### + +rlPhaseStartTest "pki_user_cli_user_cert-TKS-add-0028: Adding a cert as TKS_operatorV should fail" + local userid="new_user8" + local userFullname="New User8" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0029pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0029pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0029crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0029crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0029crmf.pem" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0029pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_operatorV" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0029crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to a user as TKS_operatorV" + +rlPhaseEnd + + ##### Adding a cert as a user not associated with any group##### + +rlPhaseStartTest "pki_user_cli_user_cert-TKS-add-0029: Adding a cert as user not associated with an group, should fail" + local userid="new_user10" + local userFullname="New User10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$userFullname\" $userid" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn: subject_uid: subject_email: \ + organizationalunit: organization: country: archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0030pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0030pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0030pkcs10.pem" + + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0030crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0030crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0030crmf.pem" + + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0030pkcs10.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" + + command="pki -d $CERTDB_DIR -n $userid -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --input $TmpDir/pki_tks_user_cert_add_validcert_0030crmf.pem" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid as a user not associated with any group" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +##### Add one cert to a user - switching position of options ##### +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0030: Add one cert to a user - switching position of options should succeed" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0031pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0031pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031pkcs10.pem $user2 > $TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0031crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0031crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add --input $TmpDir/pki_tks_user_cert_add_validcert_0031crmf.pem $user2 > $TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" \ + 0 \ + "CRMF Cert is added to the user $user2" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0031crmf.out" + +rlPhaseEnd + +#### Add a cert to a user using --serial option with hexadecimal value" #### +rlPhaseStartTest "pki_user_cli_user_cert-add-0031: Add one cert to a user with --serial option hex" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_pkcs10_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_pkcs10_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_crmf_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0032crmf.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +#### Add a cert to a user using --serial option with decimal value" #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0032: Add one cert to a user with --serial option decimal" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033pkcs10.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber > $TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" \ + 0 \ + "CRMF Cert is added to the user $userid" + rlAssertGrep "Added certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + rlAssertGrep "Subject: UID=$userid,E=$userid@example.org,CN=$username,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_add_useraddcert_0033crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +#### Add one cert to a user with both --serial and --input options #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0033: Add one cert to a user with --serial and --input options should fail" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$username\" $userid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0034pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0034pkcs10.out > $TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=$valid_decimal_pkcs10_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034pkcs10.pem" + errmsg="Error: Conflicting options: --input and --serial." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$username\" subject_uid:$userid subject_email:$userid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_add_encoded_0034crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_add_encoded_0034crmf.out > $TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-user-cert-add $userid --serial=$valid_decimal_crmf_serialNumber --input=$TmpDir/pki_tks_user_cert_add_validcert_0034crmf.pem" + errmsg="Error: Conflicting options: --input and --serial." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with both --serial and --input options" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" + rlPhaseEnd + +#### --serial option with negative number #### + +rlPhaseStartTest "pki_user_cli_tks_user_cert-add-0034: Add one cert to a user with negative serial should fail" + local userid="testuser4" + local username="Test User4" + local dectohex="0x"$(echo "obase=16;-100"|bc) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --serial=-100" + errmsg="CertNotFoundException: Certificate ID $dectohex not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with negative serial number" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" +rlPhaseEnd + +#### Missing argument for --serial option #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0035: Add one cert to a user with missing argument for --serial" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --serial" + errmsg="Error: Missing argument for option: serial" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with no argument for --serial option" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" +rlPhaseEnd + +#### --serial option with argument with characters #### + +rlPhaseStartTest "pki_user_cli_user_cert-add-tks-0036: Add one cert to a user with character passed as argument to --serial" + local userid="testuser4" + local username="Test User4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$username\" $userid" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-add $userid --serial='abc'" + errmsg="NumberFormatException: For input string: \"abc\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding cert to $userid with characters passed as argument to --serial " + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $userid" +rlPhaseEnd +#rlPhaseStartTest "pki_ca_user_cli_user_cert-add-0038: client cert authentication using cross certification" +# local userid="new_adminV" +# local username="NEW CA Admin User" +# cat /etc/redhat-release | grep "Fedora" +# if [ $? -eq 0 ] ; then +# FLAVOR="Fedora" +# rlLog "Automation is running against Fedora" +# else +# FLAVOR="RHEL" +# rlLog "Automation is running against RHEL" +# fi +# rhcs_install_set_ldap_vars +# rlRun "mkdir $NEWCA_CLIENT_DIR" +# rlRun "mkdir $NEWCA_CERTDB_DIR" +# rlRun "rhds_install $NEWCA_LDAP_PORT $NEWCA_LDAP_INSTANCE_NAME \"$NEWCA_LDAP_ROOTDN\" $NEWCA_LDAP_ROOTDNPWD $NEWCA_LDAP_DB_SUFFIX $NEWCA_SUBSYSTEM_NAME" +# rlRun "sleep 10" +# echo "[DEFAULT]" > $NEWCA_INSTANCE_CFG +# echo "pki_instance_name=$NEWCA_TOMCAT_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_https_port=$NEWCA_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_http_port=$NEWCA_HTTP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_tomcat_server_port=$NEWCA_TOMCAT_SERVER_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_password=$NEWCA_ADMIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_pkcs12_password=$NEWCA_CLIENT_PKCS12_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_dir=$NEWCA_CERTDB_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_database_password=$NEWCA_CERTDB_DIR_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_database=$NEWCA_LDAP_INSTANCE_NAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_ldap_port=$NEWCA_LDAP_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_base_dn=$NEWCA_LDAP_DB_SUFFIX" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_bind_dn=$NEWCA_LDAP_ROOTDN" >> $NEWCA_INSTANCE_CFG +# echo "pki_ds_password=$NEWCA_LDAP_ROOTDNPWD" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_https_port=$NEWCA_SEC_DOMAIN_HTTPS_PORT" >> $NEWCA_INSTANCE_CFG +# echo "pki_security_domain_password=$NEWCA_SEC_DOMAIN_PASSWORD" >> $NEWCA_INSTANCE_CFG +# echo "pki_admin_nickname=$NEWCA_ADMIN_CERT_NICKNAME" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_dir=$NEWCA_CLIENT_DIR" >> $NEWCA_INSTANCE_CFG +# echo "pki_client_admin_cert_p12=$NEWCA_CLIENT_DIR/$NEWCA_ADMIN_CERT_NICKNAME.p12" >> $NEWCA_INSTANCE_CFG +# rlRun "pkispawn -s CA -v -f $NEWCA_INSTANCE_CFG > $NEWCA_INSTANCE_OUT 2>&1" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $ROOTCA_ALIAS" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_ALIAS" +# rlRun "sleep 10" +# rlLog "Executing: pki -d $NEWCA_CERTDB_DIR -n \"PKI Administrator for $ROOTCA_DOMAIN\" -c $NEWCA_CERTDB_DIR_PASSWORD -h $CA_HOST -t $SUBSYSTEM_TYPE -p $NEWCA_HTTP_PORT user-add --fullName=\"$username\" $userid" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# user-add --fullName=\"$username\" $userid > $TmpDir/newcanewuser.out 2>&1" 0 "Added a user to new CA" +# +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# group-member-add Administrators $userid > $TmpDir/pki-user-add-newca-group001.out 2>&1" \ +# 0 \ +# "Add user $userid to Administrators group" +# +# rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ +# algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ +# organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ +# target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ +# certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" +# local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) +# local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) +# rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" +# rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_user_cert_add-CA_encoded_0038pkcs10.out > $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem" + +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n \"PKI Administrator for $ROOTCA_DOMAIN\" \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# ca-user-cert-add $userid --input $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem > $TmpDir/pki-ca_user-cert-add-newca.out 2>&1" \ +# 0 \ +# "Added cert to user $userid" + +# rlRun "certutil -d $NEWCA_CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" +# rlRun "certutil -d $CERTDB_DIR -A -n \"$userid\" -i $TmpDir/pki_user_cert_add-CA_validcert_0038pkcs10.pem -t "u,u,u"" +# rlRun "sleep 10" + +# rlRun "install_and_trust_CA_cert $NEWCA_ROOT $CERTDB_DIR" +# rlRun "sleep 10" +# rlRun "install_and_trust_CA_cert $ROOTCA_ROOT $NEWCA_CERTDB_DIR" +# rlRun "sleep 10" + +# rlRun "systemctl restart pki-tomcatd@pki-new.service" +# rlRun "sleep 10" +# rlRun "systemctl restart pki-tomcatd@pki-master.service" +# rlRun "sleep 10" +# rlRun "pki -d $NEWCA_CERTDB_DIR \ +# -n $userid \ +# -c $NEWCA_CERTDB_DIR_PASSWORD \ +# -h $CA_HOST \ +# -t $SUBSYSTEM_TYPE \ +# -p $NEWCA_HTTP_PORT \ +# user-add --fullName=\"New Test User\" new_test_user > /tmp/newcanewuser.out 2>&1" 0 "Added a user to new CA" + +# rlRun "certutil -D -d $CERTDB_DIR -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $ROOTCA_ALIAS -n \"caSigningCert cert-pki-new CA\"" +# rlRun "certutil -D -d $CERTDB_DIR -n \"$userid\"" + +# rlRun "pkidestroy -s CA -i pki-new" +# rlRun "sleep 10" +# rlRun "remove-ds.pl -f -i slapd-pki-newca" +# rlRun "sleep 10" +# rlRun "rm -rf $NEWCA_CLIENT_DIR" +# rlFail "PKI ticket: https://fedorahosted.org/pki/ticket/1171" +#rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + j=1 + while [ $j -lt 11 ] ; do + eval usr="new_user$j" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-new-user-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-new-user-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "TKS instance not installed" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh new file mode 100755 index 000000000..f255833ff --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-delete-tks.sh @@ -0,0 +1,877 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-delete CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-delete-tks Delete the certs assigned to users in the pki tks subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-delete-tks.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-delete-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + ##### Create temporary directory to save output files##### + rlPhaseStartSetup "pki_user_cli_user_cert-del-tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +cert_info="$TmpDir/cert_info" +testname="pki_user_cert_del" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) + ##### Tests to delete certs assigned to TKS users #### + + ##### Delete certs asigned to a user - valid Cert ID and User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-002-tier1: Delete cert assigned to a user - valid UserID and CertID" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user1 \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_002pkcs10.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_002pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))$@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user1 \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_002crmf.out" \ + 0 \ + "Delete cert assigned to $user1" + rlAssertGrep "Deleted certificate \"2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_002crmf.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $user1" + rlPhaseEnd + + ##### Delete certs asigned to a user - invalid Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-003: pki user-cert-del should fail if an invalid Cert ID is provided" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 4 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002pkcs10$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_002crmf$i.out > $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002pkcs10$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_pkcs10_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_del_validcert_002crmf$i.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_crmf_002$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + i=0 + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '3;1000;CN=ROOTCA Signing Cert,O=redhat domain;UID=$user1,E=$user1@example.org,CN=$user1fullname,OU=Eng,O=Example,C=UK'" + rlLog "Executing: $command" + errmsg="PKIException: Failed to modify user." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Invalid Cert ID is provided" + + rlPhaseEnd + + ##### Delete certs asigned to a user - User does not exist ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-004: pki user-cert-del should fail if a non-existing User ID is provided" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del testuser4 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: User not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del testuser4 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: User not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if a non-existing User ID is provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - User ID and Cert ID mismatch ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-005: pki user-cert-del should fail is there is a mismatch of User ID and Cert ID" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user2fullname\" $user2" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user2 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: Certificate not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user2 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ResourceNotFoundException: Certificate not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if there is a Cert ID and User ID mismatch" + rlPhaseEnd + + ##### Delete certs asigned to a user - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-006-tier1: pki user-cert-del should fail if User ID is not provided" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if User ID is not provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-007-tier1: pki user-cert-del should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1" + rlLog "Executing: $command" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if Cert ID is not provided" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_agentV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-008: Delete certs assigned to a user - as TKS_agentV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-user-cert-del should fail if authenticating using a valid agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid agent cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_auditorV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-009: Delete certs assigned to a user - as TKS_auditorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid auditor cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_adminE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0010: Delete certs assigned to a user - as TKS_adminE" + i=1 + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_agentE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0011: Delete certs assigned to a user - as TKS_agentE" + i=1 + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_adminR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0012: Delete certs assigned to a user - as TKS_adminR should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_agentR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0013: Delete certs assigned to a user - as TKS_agentR should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Delete certs asigned to a user - as role_user_UTCA ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0014: Delete certs assigned to a user - as role_user_UTCA should fail" + i=1 + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using an untrusted cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - as TKS_operatorV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-TKS-0015: Delete certs assigned to a user - as TKS_operatorV should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if authenticating using a valid operator cert" + rlPhaseEnd + + ##### Delete certs asigned to a user - as a user not assigned to any role ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0016: Delete certs assigned to a user - as a user not assigned to any role should fail" + i=1 + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + command="pki -d $CERTDB_DIR/ -n $user2 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del $user1 '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US'" + rlLog "Executing: $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Error should be thrown when authentication as a user not assigned to any role" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Delete certs asigned to a user - switch positions of the required options ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0017: Delete certs assigned to a user - switch positions of the required options" + i=1 + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions" + + command="pki -d $CERTDB_DIR/ -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-del '2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US' $user1" + rlLog "Executing: $command" + errmsg="Error:" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-del should fail if the required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/969" + rlPhaseEnd + + ### Tests to delete certs assigned to TKS users - i18n characters #### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0019: Delete certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_del_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_del_validcert_0019crmf.pem" + + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_del_validcert_0019pkcs10.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_pkcs10_0019.out" \ + 0 \ + "Cert is added to the user $user2" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_del_validcert_0019crmf.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_crmf_0019.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0019pkcs10.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0019pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0019crmf.out" \ + 0 \ + "Delete cert assigned to $user2" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0019crmf.out" + rlPhaseEnd + + ##### Add an Admin user "admin_user", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail ##### + + rlPhaseStartTest "pki_user_cli_user_cert-del-tks-0020: Add an Admin user \"admin_user\", add a cert to admin_user, add a new user as admin_user, delete the cert assigned to admin_user and then adding a new user should fail" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"Admin User\" --password=Secret123 admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add Administrators admin_user > $TmpDir/pki-user-add-tks-group0019.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"Admin User1\" --password=Secret123 admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add Administrators admin_user1 > $TmpDir/pki-user-add-tks-group00191.out" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Admin User\" subject_uid:\"admin_user\" subject_email:admin_user@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0020pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0020pkcs10.out > $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Admin User1\" subject_uid:\"admin_user1\" subject_email:admin_user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_del_encoded_0020crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_del_encoded_0020crmf.out > $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem" + + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add admin_user --input $TmpDir/pki_user_cert_del_validcert_0020pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add admin_user --input $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_0020pkcs10.out" \ + 0 \ + "PKCS10 Cert is added to the user admin_user" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user-pkcs10\" -i $TmpDir/pki_tks_user_cert_del_validcert_0020pkcs10.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New Test User1\" new_test_user1" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user-pkcs10 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New Test User1\" new_test_user1 > $TmpDir/pki_tks_user_cert_del_useradd_0020.out 2>&1" \ + 0 \ + "Adding a new user as admin_user" + rlAssertGrep "Added user \"new_test_user1\"" "$TmpDir/pki_tks_user_cert_del_useradd_0020.out" + rlAssertGrep "User ID: new_test_user1" "$TmpDir/pki_tks_user_cert_del_useradd_0020.out" + rlAssertGrep "Full name: New Test User1" "$TmpDir/pki_tks_user_cert_del_useradd_0020.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del admin_user \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0020pkcs10.out" \ + 0 \ + "Delete cert assigned to admin_user" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=admin_user,E=admin_user@example.org,CN=Admin User,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0020pkcs10.out" + + command="pki -d $TEMP_NSS_DB -n admin-user-pkcs10 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT -t tks user-add --fullName='New Test User6' new_test_user6" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user-pkcs10 after deleting the cert from the user" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add admin_user1 --input $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem > $TmpDir/pki_tks_user_cert_del_useraddcert_0020crmf.out" \ + 0 \ + "CRMF Cert is added to the user admin_user1" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"admin-user1-crmf\" -i $TmpDir/pki_tks_user_cert_del_validcert_0020crmf.pem -t "u,u,u"" + + rlLog "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New Test User2\" new_test_user2" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n admin-user1-crmf \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New Test User2\" new_test_user2 > $TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out 2>&1" \ + 0 \ + "Adding a new user as admin_user1" + rlAssertGrep "Added user \"new_test_user2\"" "$TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out" + rlAssertGrep "User ID: new_test_user2" "$TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out" + rlAssertGrep "Full name: New Test User2" "$TmpDir/pki_tks_user_cert_del_useradd_0020crmf.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-del admin_user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_del_0020crmf.out" \ + 0 \ + "Delete cert assigned to admin_user1" + rlAssertGrep "Deleted certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=admin_user1,E=admin_user1@example.org,CN=Admin User1,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_del_0020crmf.out" + + command="pki -d $TEMP_NSS_DB -n admin-user1-crmf -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT -t tks user-add --fullName='New Test User6' new_test_user6" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Adding a new user as admin_user1-crmf after deleting the cert from the user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-del Administrators admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-del Administrators admin_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del admin_user" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del admin_user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del new_test_user1" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del new_test_user2" + rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "TKS instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh new file mode 100755 index 000000000..b164c55a2 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-find-tks.sh @@ -0,0 +1,1123 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-find-tks Finding the certs assigned to users in the pki tks subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-tks-user-cli-tks-user-cert-find.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-find-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + #####Create temporary dir to save the output files##### + rlPhaseStartSetup "pki_user_cli_user_cert-find-tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +cert_info="$TmpDir/cert_info" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +eval ${subsystemId}_signing_cert_subj=${subsystemId}_SIGNING_CERT_SUBJECT_NAME +ROOTCA_agent_user=${caId}_agentV +admin_cert_nickname=$(eval echo \$${caId}_ADMIN_CERT_NICKNAME) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) + ##### Find certs assigned to a TKS user - with userid argument - this user has only a single page of certs #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-002: Find the certs of a user in TKS --userid only - single page of certs" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + while [ $i -lt 2 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10user1[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user1[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_002pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_002pkcs10$i.out > $TmpDir/pki_tks_user_cert_find_validcert_002pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user1fullname$(($i+1))\" subject_uid:$user1$(($i+1)) subject_email:$user1$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfuser1[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser1[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_002crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_002crmf$i.out > $TmpDir/pki_tks_user_cert_find_validcert_002crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002pkcs10$i.pem > $TmpDir/useraddcert__002_$i.out" \ + 0 \ + "Cert is added to the user $user1" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_002crmf$i.pem > $TmpDir/useraddcert__002_$i.out" \ + 0 \ + "Cert is added to the user $user1" + let i=$i+1 + done + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 > $TmpDir/pki_tks_user_cert_find_002.out" \ + 0 \ + "Finding certs assigned to $user1" + let numcertsuser1=($i*2) + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_002.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_002.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_002.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a TKS user - with userid argument - this user has multiple pages of certs #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-003: Find the certs of a user in TKS --userid only - multiple pages of certs" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user2fullname\" $user2" + while [ $i -lt 12 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10user2[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10user2[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_003pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_003pkcs10$i.out > $TmpDir/pki_tks_user_cert_find_validcert_003pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname$(($i+1))\" subject_uid:$user2$(($i+1)) subject_email:$user2$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfuser2[$i]=$valid_crmf_serialNumber + serialdecimalcrmfuser2[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_003crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_003crmf$i.out > $TmpDir/pki_tks_user_cert_find_validcert_003crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003pkcs10$i.pem > $TmpDir/useraddcert__003_$i.out" \ + 0 \ + "Cert is added to the user $user2" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_find_validcert_003crmf$i.pem > $TmpDir/useraddcert__003_$i.out" \ + 0 \ + "Cert is added to the user $user2" + let i=$i+1 + done + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 > $TmpDir/pki_tks_user_cert_find_003.out" \ + 0 \ + "Finding certs assigned to $user2" + let numcertsuser2=($i*2) + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_003.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_003.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_003.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_user_cert_find_003.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with userid argument - user id does not exist #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-004: Find the certs of a user in TKS --userid only - user does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find tuser" + errmsg="UserNotFoundException: User tuser not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - User not found message should be thrown when finding certs assigned to a user that does not exist" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with userid argument - no certs added to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-005: Find the certs of a user in TKS --userid only - no certs added to the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user3fullname\" $user3" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user3" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user3 > $TmpDir/pki_tks_user_cert_find_005.out" \ + 0 \ + "Finding certs assigned to $user3" + rlAssertGrep "0 entries matched" "$TmpDir/pki_tks_user_cert_find_005.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size option having an argument that is less than the actual number of certs assigned to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-006: Find the certs of a user in TKS --size - a number less than the actual number of certs" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --size=2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --size=2 > $TmpDir/pki_tks_user_cert_find_006.out" \ + 0 \ + "Finding certs assigned to $user1" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_006.out" + i=0 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[0]}" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[0]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[0]}" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_006.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_006.out" + + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki_tks_user_cert_find_006.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size=0 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-007: Find the certs of a user in TKS --size=0" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --size=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --size=0 > $TmpDir/pki_tks_user_cert_find_007.out" \ + 0 \ + "Finding certs assigned to $user1" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_007.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_user_cert_find_007.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size=-1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-008: Find the certs of a user in TKS --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user1 --size=-1" + errmsg="The value for size shold be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --size should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size option having an argument that is greater than the actual number of certs assigned to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-009: Find the certs of a user in TKS --size - a number greater than number of certs assigned to the user" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --size=50" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --size=50 > $TmpDir/pki_tks_user_cert_find_009.out" \ + 0 \ + "Finding certs assigned to $user1 --size=50" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_009.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_009.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_009.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start option having an argument that is less than the actual number of certs assigned to the user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-010: Find the certs of a user in TKS --start - a number less than the actual number of certs" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $ruser1 --start=2" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=2 > $TmpDir/pki_tks_user_cert_find_0010.out" \ + 0 \ + "Finding certs assigned to $user1" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0010.out" + let newnumcerts=$numcertsuser1-2 + i=1 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[1]}" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[1]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[1]}" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0010.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0010.out" + + rlAssertGrep "Number of entries returned $newnumcerts" "$TmpDir/pki_tks_user_cert_find_0010.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=0 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-011: Find the certs of a user in TKS --start=0" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=0 > $TmpDir/pki_tks_user_cert_find_0011.out" \ + 0 \ + "Finding certs assigned to $user1 --start=0" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_0011.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user1[$i]}" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser1[$i]};$ca_signing_cert_subj_name;UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser1[$i]}" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0011.out" + rlAssertGrep "Subject: UID=$user1$(($i+1)),E=$user1$(($i+1))@example.org,CN=$user1fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0011.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=0, the user has multiple pages of certs #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-012: Find the certs of a user in TKS --start=0 - multiple pages" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=0 > $TmpDir/pki_tks_user_cert_find_0012.out" \ + 0 \ + "Finding certs assigned to $user2 --start=0" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0012.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0012.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0012.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_user_cert_find_0012.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=-1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-013: Find the certs of a user in TKS --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user1 --start=-1" + errmsg="The value for size shold be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=50 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-014: Find the certs of a user in TKS --start=50" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=50" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=50 > $TmpDir/pki_tks_user_cert_find_0014.out" \ + 0 \ + "Finding certs assigned to $user1 --start=50" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0014.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_user_cert_find_0014.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=0 and size=0 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-015: Find the certs of a user in TKS --start=0 and size=0" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=0 --size=0" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 --start=0 --size=0 > $TmpDir/pki_tks_user_cert_find_0015.out" \ + 0 \ + "Finding certs assigned to $user1 --start=0" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0015.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki_tks_user_cert_find_0015.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size=1 and --start=1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-016: Find the certs of a user in TKS --start=1 --size=1" + newuserid=newuser + newuserfullname="New User" + i=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$newuserfullname\" $newuserid" + while [ $i -lt 2 ] ; do + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexpkcs10newuser[$i]=$valid_pkcs10_serialNumber + serialdecimalpkcs10newuser[$i]=$valid_decimal_pkcs10_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0016pkcs10$i.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0016pkcs10$i.out > $TmpDir/pki_tks_user_cert_find_validcert_0016pkcs10$i.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname$(($i+1))\" subject_uid:$newuserid$(($i+1)) subject_email:$newuserid$(($i+1))@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + serialhexcrmfnewuser[$i]=$valid_crmf_serialNumber + serialdecimalcrmfnewuser[$i]=$valid_decimal_crmf_serialNumber + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0016crmf$i.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0016crmf$i.out > $TmpDir/pki_tks_user_cert_find_validcert_0016crmf$i.pem" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016pkcs10$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016pkcs10$i.pem > $TmpDir/useraddcert__0016_$i.out" \ + 0 \ + "Cert is added to the user $newuserid" + + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016crmf$i.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $newuserid --input $TmpDir/pki_tks_user_cert_find_validcert_0016crmf$i.pem > $TmpDir/useraddcert__0016_$i.out" \ + 0 \ + "Cert is added to the user $newuserid" + let i=$i+1 + done + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $newuserid" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $newuserid > $TmpDir/pki_tks_user_cert_find_0016.out" \ + 0 \ + "Finding certs assigned to $newuserid" + let numcertsuser1=($i*2) + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_0016.out" + i=0 + while [ $i -lt 2 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10newuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10newuser[$i]}" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfnewuser[$i]};$ca_signing_cert_subj_name;UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Serial Number: ${serialhexcrmfnewuser[$i]}" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0016.out" + rlAssertGrep "Subject: UID=$newuserid$(($i+1)),E=$newuserid$(($i+1))@example.org,CN=$newuserfullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0016.out" + + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $newuserid" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size=-1 and size=-1 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-017: Find the certs of a user in TKS --start=-1 and size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user1 --start=-1 --size=-1" + errmsg="The value for size and start should be greater than or equal to 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - the value for --start and --size should not be less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size=20 and size=20 #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-018: Find the certs of a user in TKS --start --size equal to page size - default page size=20 entries" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=20 --size=20" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=20 --size=20 > $TmpDir/pki_tks_user_cert_find_0018.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0018.out" + i=10 + while [ $i -lt 12 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0018.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0018.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 4" "$TmpDir/pki_tks_user_cert_find_0018.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start=0 and --size has an argument greater that default page size (20 certs) #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-019: Find the certs of a user in TKS --start=0 --size greater than default page size - default page size=20 entries" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=0 --size=20" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=0 --size=20 > $TmpDir/pki_tks_user_cert_find_0019.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0019.out" + i=0 + while [ $i -lt 10 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0019.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0019.out" + + let i=$i+1 + done + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki_tks_user_cert_find_0019.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --size=1 and --start has a value greater than the default page size #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-020: Find the certs of a user in TKS --start - values greater than default page size --size=1" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=22 --size=1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=22 --size=1 > $TmpDir/pki_tks_user_cert_find_0020.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0020.out" + i=11 + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0020.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0020.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0020.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0020.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0020.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki_tks_user_cert_find_0020.out" +rlPhaseEnd + +##### Find certs assigned to a TKS user - with --start has argument greater than default page size and size has an argument greater than the certs available from the --start value #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-021: Find the certs of a user in TKS --start - values greater than default page size --size - value greater than the available number of certs from the start value" + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=22 --size=10" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user2 --start=22 --size=10 > $TmpDir/pki_tks_user_cert_find_0021.out" \ + 0 \ + "Finding certs assigned to $user2" + rlAssertGrep "$numcertsuser2 entries matched" "$TmpDir/pki_tks_user_cert_find_0021.out" + i=11 + while [ $i -lt 12 ] ; do + rlAssertGrep "Cert ID: 2;${serialdecimalpkcs10user2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Serial Number: ${serialhexpkcs10user2[$i]}" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out" + + rlAssertGrep "Cert ID: 2;${serialdecimalcrmfuser2[$i]};$ca_signing_cert_subj_name;UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Serial Number: ${serialhexcrmfuser2[$i]}" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0021.out" + rlAssertGrep "Subject: UID=$user2$(($i+1)),E=$user2$(($i+1))@example.org,CN=$user2fullname$(($i+1)),OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0021.out" + + let i=$i+1 + done +rlPhaseEnd + +##### Tests to find certs assigned to TKS users - i18n characters #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-022: Find certs assigned to user - Subject Name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_pkcs10@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0022pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0022pkcs10.out > $TmpDir/pki_tks_user_cert_find_validcert_0022pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:test_crmf@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_find_encoded_0022crmf.out" 0 "Executing pki cert-show $valid_crmf_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_find_encoded_0022crmf.out > $TmpDir/pki_tks_user_cert_find_validcert_0022crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_0022pkcs10.pem > $TmpDir/useraddcert__0022.out" \ + 0 \ + "Cert is added to the user $user1" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_find_validcert_0022crmf.pem > $TmpDir/useraddcert__0022.out" \ + 0 \ + "Cert is added to the user $user1" + let numcertsuser1=$numcertsuser1+2 + rlLog "Executing: pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-find $user1 > $TmpDir/pki_tks_user_cert_find_0022.out" \ + 0 \ + "Finding certs assigned to $user1" + + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=test_pkcs10@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out" + + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=test_crmf@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "$numcertsuser1 entries matched" "$TmpDir/pki_tks_user_cert_find_0022.out" + rlAssertGrep "Number of entries returned $numcertsuser1" "$TmpDir/pki_tks_user_cert_find_0022.out" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as a valid agent user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-023: Find the certs of a user as TKS_agentV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message user-cert-find should fail when authenticated as a valid agent user" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as a valid auditor user #### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-024: Find the certs of a user as TKS_auditorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a valid auditor user" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as a admin user with expired cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-025: Find the certs of a user as TKS_adminE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with an expired cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as an admin user with revoked cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-026: Find the certs of a user as TKS_adminR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with a revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as an agent user with revoked cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-027: Find the certs of a user as TKS_agentR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with a revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as an agent user with expired cert ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-028: Find the certs of a user as TKS_agentE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an agent user with an expired cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as a user whose TKS cert has not been trusted ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-029: Find the certs of a user as role_user_UTCA should fail" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as an admin user with untrusted cert" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as a valid operator user ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-030: Find the certs of a user as operatorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as operatorV" +rlPhaseEnd + +#### Find certs assigned to a TKS user - authenticating as a user not associated with any role ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-031: Find the certs of a user as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find $user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail when authenticated as a user not assigned to any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" +rlPhaseEnd + +#### Find certs assigned to a TKS user - userid is missing ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-032: Find the certs of a user - userid missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-user-cert-find should fail without User ID" +rlPhaseEnd + +#### Find certs assigned to a TKS user - user id missing with --start and --size options ### + +rlPhaseStartTest "pki_user_cli_user_cert-find-tks-033: Find the certs of a user - userid missing with --start and --size options" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-find --start=1 --size=1" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - user-cert-find should fail without User ID" +rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users" + + j=1 + while [ $j -lt 4 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "TKS instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh new file mode 100755 index 000000000..80d73ccf4 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-cert-show-tks.sh @@ -0,0 +1,1115 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cert-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-cert-show-tks Show the certs assigned to users in the pki tks subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-cert-show-tks.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## + +run_pki-user-cli-user-cert-show-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + ##### Create temporary directory to save output files ##### + rlPhaseStartSetup "pki_user_cli_user_cert-show-tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +ca_signing_cert_subj_name=$(eval echo \$${caId}_SIGNING_CERT_SUBJECT_NAME) + +user1=testuser1 +user2=testuser2 +user1fullname="Test user1" +user2fullname="Test user2" +user3=testuser3 +user3fullname="Test user3" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local exp="$TmpDir/expfile.out" +local cert_info="$TmpDir/cert_info" +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + + ##### Tests to find certs assigned to TKS users #### + + ##### Show certs asigned to a user - valid Cert ID and User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-002: Show certs assigned to a user - valid UserID and CertID" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user2fullname\" $user2" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_002pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_002pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$user2fullname\" subject_uid:$user2 subject_email:$user2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_002crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_002crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_002crmf.pem" + rlLog "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002pkcs10.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_002.out" \ + 0 \ + "Cert is added to the user $user2" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_002.out" \ + 0 \ + "Show cert assigned to $user2" + + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user2 --input $TmpDir/pki_tks_user_cert_show_validcert_002crmf.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_002crmf.out" \ + 0 \ + "Cert is added to the user $user2" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" \ + 0 \ + "Show cert assigned to $user2" + + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_002crmf.out" + + rlPhaseEnd + ##### Show certs asigned to a user - invalid Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-003: pki user-cert-show should fail if an invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '3;$valid_decimal_pkcs10_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '3;$valid_decimal_crmf_serialNumber;CN=ROOTCA Signing Cert,O=redhat Domain;UID=user2,E=user2@example.org,CN=user2fullname,OU=Eng,O=Example,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when an invalid Cert ID is provided" + + rlPhaseEnd + + ##### Show certs asigned to a user - non-existing User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-004: pki user-cert-show should fail if a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show testuser4 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="UserNotFoundException: User testuser4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non-existing User ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show testuser4 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="UserNotFoundException: User testuser4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when a non existing User ID is provided" + + rlPhaseEnd + + ##### Show certs asigned to a user - User ID and Cert ID mismatch ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-005: pki user-cert-show should fail is there is a mismatch of User ID and Cert ID" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user1 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user1" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user1 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user1" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when there is a User ID and Cert ID mismatch" + rlPhaseEnd + + ##### Show certs asigned to a user - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-006-tier1: pki user-cert-show should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when User ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-007-tier1: pki user-cert-show should fail if Cert ID is not provided" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"New User1\" u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show u16" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should throw an error when Cert ID is not provided" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del u16" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - --encoded option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-008: Show certs assigned to a user - --encoded option - Valid Cert ID and User ID" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded option" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out" + + rlLog "$(cat $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out | grep Subject | awk -F":" '{print $2}')" + rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usershowcert_008pkcs10.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded > $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded option" + + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out" + + rlLog "$(cat $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out | grep Subject | awk -F":" '{print $2}')" + rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usershowcert_008crmf.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlPhaseEnd + + ##### Show certs asigned to a user with --encoded option - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-009: pki user-cert-show with --encoded option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --encoded" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --encoded option - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0010: pki user-cert-show with --encoded option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 --encoded" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --encoded option should throw an error when Cert ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - --output <file> option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0011: Show certs assigned to a user - --output <file> option - Valid Cert ID, User ID and file" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out > $TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --output option" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out" + rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out > $TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --output option" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out" + rlRun "openssl x509 -in $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0011crmf.out" + + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-0012: pki user-cert-show with --output option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output $TmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0013: pki user-cert-show with --output option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 --output $TmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when Cert ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - Directory does not exist ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0014: pki user-cert-show with --output option should fail if directory does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out" + errmsg="FileNotFoundException: /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_pkcs10_output.out (No such file or directory)" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out" + errmsg="FileNotFoundException: /tmp/tmpDir/pki_tks_user_cert_show_usercertshow_crmf_output.out (No such file or directory)" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when directory does not exist" + + rlPhaseEnd + + ##### Show certs asigned to a user with --output option - Missing argument for --output option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0015: pki user-cert-show with --output option should fail if argument for --option is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + errmsg="Error: Missing argument for option: output" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --output" + errmsg="Error: Missing argument for option: output" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --output option should throw an error when argument for --option is missing" + + rlPhaseEnd + + ##### Show certs asigned to a user - --pretty option ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0016: Show certs assigned to a user - --pretty option - Valid Cert ID, User ID" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty option" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016pkcs10.out" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --pretty > $TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty option" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0016crmf.out" + rlPhaseEnd + + ##### Show certs asigned to a user with --pretty option - no User ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0017: pki user-cert-show with --pretty option should fail if User ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for pkcs10 cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' --pretty" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when User ID is not provided for crmf cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user with --pretty option - no Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0018: pki user-cert-show with --pretty option should fail if Cert ID is not provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 --pretty" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show with --pretty option should throw an error when Cert ID is not provided" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/967" + rlPhaseEnd + + ##### Show certs asigned to a user - --pretty, --encoded and --output options ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-0019-tier1: Show certs assigned to a user - --pretty, --encoded and --output options - Valid Cert ID, User ID and file" + newuserid=newuser + newuserfullname="New User" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$newuserfullname\" $newuserid" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10_new=$(echo $valid_pkcs10_serialNumber_new | cut -dx -f2) + local CONV_UPP_VAL_PKCS10_new=${STRIP_HEX_PKCS10_new^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber_new --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0019pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_0019pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"$newuserfullname\" subject_uid:$newuserid subject_email:$newuserid@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber_new=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber_new=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF_new=$(echo $valid_crmf_serialNumber_new | cut -dx -f2) + local CONV_UPP_VAL_CRMF_new=${STRIP_HEX_CRMF_new^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber_new --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0019crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber_new" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0019crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_0019crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $newuserid --serial $valid_decimal_pkcs10_serialNumber_new" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $newuserid --serial $valid_decimal_crmf_serialNumber_new" + + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_pkcs10_output0019" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $newuserid \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_pkcs10_output0019 > $TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber_new" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0019" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0019" + rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_pkcs10_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber_new ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_crmf_output0019" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $newuserid \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --pretty --output $TmpDir/tks_user_cert_show_crmf_output0019 > $TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --pretty --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber_new;$ca_signing_cert_subj_name;UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber_new" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Subject: UID=$newuserid,E=$newuserid@example.org,CN=$newuserfullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Signature Algorithm" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Validity" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Subject Public Key Info" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Extensions" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "Signature" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0019crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0019" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0019" + rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_crmf_output0019 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber_new ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $newuserid" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS_agentV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0020: Show certs assigned to a user - as TKS_agentV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid agent cert" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS_auditorV ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0021: Show certs assigned to a user - as TKS_auditorV should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a valid auditor cert" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS_adminE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0022: Show certs assigned to a user - as TKS_adminE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired admin cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS_agentE ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0023: Show certs assigned to a user - as TKS_agentE should fail" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an expired agent cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS_adminR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0024: Show certs assigned to a user - as TKS_adminR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS_agentR ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0025: Show certs assigned to a user - as TKS_agentR should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + ##### Show certs asigned to a user - as role_user_UTCA ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0026: Show certs assigned to a user - as role_user_UTCA should fail" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert" + + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an untrusted cert" + rlPhaseEnd + + ##### Show certs asigned to a user - as TKS operator user ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0027: Show certs assigned to a user - as TKS operator user should fail" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when authenticating with an operator user" + rlPhaseEnd + + ##### Show certs asigned to a user - --encoded and --output options ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0028: Show certs assigned to a user - --encoded and --output options - Valid Cert ID, User ID and file" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_pkcs10_output0028" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_pkcs10_output0028 > $TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028pkcs10.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_pkcs10_output0028" + rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_pkcs10_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_pkcs10" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_pkcs10| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_pkcs10_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_crmf_output0028" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user2 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\" --encoded --output $TmpDir/tks_user_cert_show_crmf_output0028 > $TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" \ + 0 \ + "Show cert assigned to $user2 with --encoded and --output options" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "Subject: UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/pki_tks_user_cert_show_usershowcert_0028crmf.out" + rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0028" + rlAssertGrep "\-----END CERTIFICATE-----" "$TmpDir/tks_user_cert_show_crmf_output0028" + rlRun "openssl x509 -in $TmpDir/tks_user_cert_show_crmf_output0028 -noout -serial 1> $TmpDir/temp_out-openssl_crmf" 0 "Run openssl to verify PEM output" + openssl_out_serial=$(cat $TmpDir/temp_out-openssl_crmf| grep serial | cut -d= -f2) + dec_openssl_out_serial=$(echo "ibase=16;$openssl_out_serial"|bc) + if [ $dec_openssl_out_serial = $valid_decimal_crmf_serialNumber ] ; then + + rlPass "Serial number matches" + else + rlFail "Serial number does not match" + fi + rlPhaseEnd + + ##### Show certs asigned to a user - as a user not associated with any role##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0029: Show certs assigned to a user - as a user not associated with any role, should fail" + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role" + + command="pki -d $CERTDB_DIR -n $user1 -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show shouls fail when authenticating with an user not associated with any role" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Show certs asigned to a user - switch position of the required options##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0030: Show certs assigned to a user - switch position of the required options" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show '2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US' $user2" + errmsg="User Not Found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when required options are switched positions" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/968" + rlPhaseEnd + + ##### Show certs asigned to a user - incomplete Cert ID ##### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-0031: pki user-cert-show should fail if an incomplete Cert ID is provided" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_pkcs10_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided" + + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-cert-show $user2 '2;$valid_decimal_crmf_serialNumber;UID=$user2,E=$user2@example.org,CN=$user2fullname,OU=Engineering,O=Example.Inc,C=US'" + errmsg="ResourceNotFoundException: No certificates found for $user2" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki user-cert-show should fail when an incomplete Cert ID is provided" + rlPhaseEnd + + ### Tests to show certs assigned to TKS users - i18n characters #### + + rlPhaseStartTest "pki_user_cli_user_cert-show-tks-032: Show certs assigned to user - Subject name has i18n Characters" + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_PKCS10=$(echo $valid_pkcs10_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_PKCS10=${STRIP_HEX_PKCS10^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0032pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0032pkcs10.out > $TmpDir/pki_tks_user_cert_show_validcert_0032pkcs10.pem" + + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:crmf \ + algo:rsa key_size:2048 subject_cn:\"Örjan Äke\" subject_uid:\"Örjan Äke\" subject_email:$user1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_crmf_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_crmf_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + local STRIP_HEX_CRMF=$(echo $valid_crmf_serialNumber | cut -dx -f2) + local CONV_UPP_VAL_CRMF=${STRIP_HEX_CRMF^^} + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_crmf_serialNumber --encoded > $TmpDir/pki_tks_user_cert_show_encoded_0032crmf.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_user_cert_show_encoded_0032crmf.out > $TmpDir/pki_tks_user_cert_show_validcert_0032crmf.pem" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_show_validcert_0032pkcs10.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_0032.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user1 \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_pkcs10_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Serial Number: $valid_pkcs10_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_0032.out" + + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-add $user1 --input $TmpDir/pki_tks_user_cert_show_validcert_0032crmf.pem > $TmpDir/pki_tks_user_cert_show_useraddcert_crmf_0032.out" \ + 0 \ + "Cert is added to the user $user1" + rlLog "Executing pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-cert-show $user1 \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\" > $TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" \ + 0 \ + "Show cert assigned to $user1" + rlAssertGrep "Certificate \"2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US\"" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Cert ID: 2;$valid_decimal_crmf_serialNumber;$ca_signing_cert_subj_name;UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Version: 2" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Serial Number: $valid_crmf_serialNumber" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Issuer: $ca_signing_cert_subj_name" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + rlAssertGrep "Subject: UID=Örjan Äke,E=$user1@example.org,CN=Örjan Äke,OU=Engineering,O=Example.Inc,C=US" "$TmpDir/pki_tks_user_cert_show_usershowcert_crmf_0032.out" + + rlPhaseEnd + + #===Deleting users===# +rlPhaseStartCleanup "pki_tks_user_cli_user_cleanup: Deleting role users" + j=1 + while [ $j -lt 3 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlLog "TKS instance not created" +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh new file mode 100755 index 000000000..c16de6501 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-del-tks.sh @@ -0,0 +1,726 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-del Delete pki subsystem TKS users. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-del.sh +######################################################################## + +run_pki-user-cli-user-del-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + rlPhaseStartSetup "pki_user_cli_user_del-TKS-tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + if [ "$tks_instance_created" = "TRUE" ] ; then + rlPhaseStartTest "pki_user_cli_user_del-TKS-tks-configtest-001: pki user-del --help configuration test" + rlRun "pki user-del --help > $TmpDir/user_del.out 2>&1" 0 "pki user-del --help" + rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-tks-configtest-002: pki user-del configuration test" + rlRun "pki user-del > $TmpDir/user_del_2.out 2>&1" 255 "pki user-del" + rlAssertGrep "usage: user-del <User ID>" "$TmpDir/user_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/user_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/user_del_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-003: Delete valid users" + user1=ca_agent2 + user1fullname="Test ca_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + #positive test cases + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user u$i" + let i=$i+1 + done + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user1-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user1-00$i.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u$i" + errmsg="UserNotFoundException: User u$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let i=$i+1 + done + #Add users to CA using ${prefix}_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval usr=\$user$i + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user $usr" + let i=$i+1 + done + + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user2-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user2-00$j.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show $usr" + errmsg="UserNotFoundException: User $usr not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-004: Case sensitive userid" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user user_abc" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del USER_ABC > $TmpDir/pki-user-del-tks-user-002_1.out" \ + 0 \ + "Deleted user USER_ABC userid is not case sensitive" + rlAssertGrep "Deleted user \"USER_ABC\"" "$TmpDir/pki-user-del-tks-user-002_1.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show user_abc" + errmsg="UserNotFoundException: User user_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user user_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-005: Delete user when required option user id is missing" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del > $TmpDir/pki-user-del-tks-user-003_1.out 2>&1" \ + 255 \ + "Cannot delete a user without userid" + rlAssertGrep "usage: user-del <User ID>" "$TmpDir/pki-user-del-tks-user-003_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-006: Maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test \"$user2\" > $TmpDir/pki-user-add-tks-001_1.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum user id length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del \"$user2\" > $TmpDir/pki-user-del-tks-user-006.out" \ + 0 \ + "Deleting user with maximum user id length using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-user-del-tks-user-006.out | grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user \"$user2\" found" + else + rlFail "Deleted user \"$user2\" not found" + fi + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show \"$user2\"" + errmsg="UserNotFoundException: User \"$user2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-007: userid with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + userid=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + userid=$userid$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test '$userid' > $TmpDir/pki-user-add-tks-001_8.out" \ + 0 \ + "Added user using ${prefix}_adminV with maximum userid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del '$userid' > $TmpDir/pki-user-del-tks-user-007.out" \ + 0 \ + "Deleting user with maximum user id length and character symbols using ${prefix}_adminV" + actual_userid_string=`cat $TmpDir/pki-user-del-tks-user-007.out| grep 'Deleted user' | xargs echo` + expected_userid_string="Deleted user $userid" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "Deleted user $userid found" + else + rlFail "Deleted user $userid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show '$userid' > $TmpDir/pki-user-del-tks-user-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted user with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-user-del-tks-user-007_2.out| grep 'UserNotFoundException:' | xargs echo` + expected_error_string="UserNotFoundException: User $userid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "UserNotFoundException: User $userid not found message found" + else + rlFail "UserNotFoundException: User $userid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-008: delete user that has all attributes and a certificate" + user1="testuser1" + user1fullname="Test tks_agent" + email="tks_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + pem_file="$TmpDir/testuser1.pem" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + $user1 > $TmpDir/pki-user-add-tks-008.out" \ + 0 \ + "Add user $user1 to TKS -- all options provided" + #Add certificate to the user + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"$user1\" \"$user1fullname\" \ + \"$user1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --output $pem_file" 0 "command pki cert-show $valid_serialNumber --output" + rlLog "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-cert-add $user1 --input $pem_file" + rlRun "pki -d $CERTDB_DIR/ \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-cert-add $user1 --input $pem_file > $TmpDir/pki_user_cert_add_${prefix}_useraddcert_008.out" \ + 0 \ + "Cert is added to the user $user1" + #Add user to Administrator's group + gid="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add $user1 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-008.out" \ + 0 \ + "Adding user $user1 to group \"$gid\"" + #Delete user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del $user1 > $TmpDir/pki-user-del-tks-user-008.out" \ + 0 \ + "Deleting user $user1 with all attributes and a certificate" + rlAssertGrep "Deleted user \"$user1\"" "$TmpDir/pki-user-del-tks-user-008.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show $user1" + errmsg="UserNotFoundException: User $user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user $user1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-009: Delete user from CA with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"u22fullname\" u22 > $TmpDir/pki-user-add-tks-009.out" \ + 0 \ + "Add user u22 to CA" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u22 > $TmpDir/pki-user-del-tks-user-009.out" \ + 0 \ + "Deleting user u22 using -t tks option" + rlAssertGrep "Deleted user \"u22\"" "$TmpDir/pki-user-del-tks-user-009.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u22" + errmsg="UserNotFoundException: User u22 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user u22 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-010: Should not be able to delete user using a revoked cert TKS_adminR" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"u23fullname\" u23 > $TmpDir/pki-user-add-tks-010.out" \ + 0 \ + "Add user u23 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a admin having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u23 > $TmpDir/pki-user-show-tks-001.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tks-001.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-001.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-tks-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-011: Should not be able to delete user using a agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u23" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u23 using a agent having a revoked cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u23 > $TmpDir/pki-user-show-tks-002.out" \ + 0 \ + "Show user u23" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tks-002.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-002.out" + rlAssertGrep "Full name: u23fullname" "$TmpDir/pki-user-show-tks-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + + #Cleanup:delete user u23 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u23 > $TmpDir/pki-user-del-tks-002_2.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-012: Should not be able to delete user using a valid agent TKS_agentV user" + #Add a user + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"u24fullname\" u24 > $TmpDir/pki-user-add-tks-012.out" \ + 0 \ + "Add user u24 to CA" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a valid agent cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-003.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-003.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-003.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-013: Should not be able to delete user using a admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-004.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-004.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-004.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-014: Should not be able to delete a user using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" + errmsg="ClientResponseFailure: Error status 401 Unauthorized returned" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-005.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-005.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-005.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-015: Should not be able to delete user using a TKS_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a audit cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-006.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-006.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-006.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-016: Should not be able to delete user using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a operator cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-007.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-007.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-007.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-017: Should not be able to delete user using a cert created from a untrusted CA role_user_UTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n role_user_UTCA \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u24" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete user u24 using a untrusted cert" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-008.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-008.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-008.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-018: Should not be able to delete user using a user cert" + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + #Create a user cert + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate request" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t \"u,u,u\"" + local expfile="$TmpDir/expfile_pkiuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n pkiUser1 -c Password -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-del u24" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + cat $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-del-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to delete users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-del-tks-pkiUser1-002.out" + #Make sure user is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-009.out" \ + 0 \ + "Show user u24" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-009.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-009.out" + rlAssertGrep "Full name: u24fullname" "$TmpDir/pki-user-show-tks-009.out" + + #Cleanup:delete user u24 + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u24 > $TmpDir/pki-user-del-tks-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-019: delete user name with i18n characters" + rlLog "user-add username ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÖrjanÄke' u19 > $TmpDir/pki-user-add-tks-001_19.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tks-001_19.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tks-001_19.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u19 > $TmpDir/pki-user-del-tks-001_19_3.out 2>&1" \ + 0 \ + "Delete user with name ÖrjanÄke i18n characters" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-tks-001_19_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u19" + errmsg="UserNotFoundException: User u19 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_del-TKS-020: delete username with i18n characters" + rlLog "user-add username ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÉricTêko' u20 > $TmpDir/pki-user-add-tks-001_20.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-user-add-tks-001_20.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-user-add-tks-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u20 > $TmpDir/pki-user-del-tks-001_20_3.out 2>&1" \ + 0 \ + "Delete user with name ÉricTêko i18n characters" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tks-001_20_3.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u20" + errmsg="UserNotFoundException: User u20 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted user id with name 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_del-tks_cleanup: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh new file mode 100755 index 000000000..7fbed0dca --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-find-tks.sh @@ -0,0 +1,803 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-find To list users in TKS. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Laxmi Sunkara <lsunkara@redhat.com> +# Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +######################################################################## +#create_role_users.sh should be first executed prior to pki-user-cli-user-find.sh +######################################################################## + +run_pki-user-cli-user-find-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + + # Creating Temporary Directory + rlPhaseStartSetup "pki tks user-find Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + +if [ "$tks_instance_created" = "TRUE" ] ; then + user1=tks_agent2 + user1fullname="Test tks_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + + rlPhaseStartSetup "pki_user_cli_user_find-tks-startup-addusers: Add users" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user u$i" + let i=$i+1 + done + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user $usr" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-configtest-001: pki user-find --help configuration test" + rlRun "pki user-find --help > $TmpDir/user_find.out 2>&1" 0 "pki user-find --help" + rlAssertGrep "usage: user-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/user_find.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/user_find.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/user_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/user_find.out" + rlAssertNotGrep "Error: Unrecognized option: --help" "$TmpDir/user_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-configtest-002: pki user-find configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) user-find > $TmpDir/user_find_2.out 2>&1" 255 "pki user-find" + rlAssertGrep "Error: Certificate database not initialized." "$TmpDir/user_find_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-003: Find 5 users, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=5 > $TmpDir/pki-user-find-tks-001.out 2>&1" \ + 0 \ + "Found 5 users" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-find-tks-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-004: Find non user, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=0 > $TmpDir/pki-user-find-tks-002.out 2>&1" \ + 0 \ + "Found no users" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-005: Find all users, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$large_num > $TmpDir/pki-user-find-tks-003.out 2>&1" \ + 0 \ + "Find all users, large value as input" + result=`cat $TmpDir/pki-user-find-tks-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-006: Find all users, --size with maximum possible value as input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:9} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check > $TmpDir/pki-user-find-tks-003_2.out 2>&1" \ + 0 \ + "Find all users, maximum possible value as input" + result=`cat $TmpDir/pki-user-find-tks-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-007: Find all users, --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check > $TmpDir/pki-user-find-tks-003_3.out 2>&1" \ + 255 \ + "More than maximum possible value as input" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-tks-003_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-008: Find users, check for negative input --size=-1" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=-1 > $TmpDir/pki-user-find-tks-004.out 2>&1" \ + 0 \ + "No users returned as the size entered is negative value" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-009: Find users for size input as noninteger, --size=abc" + size_noninteger="abc" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$size_noninteger > $TmpDir/pki-user-find-tks-005.out 2>&1" \ + 255 \ + "No users returned" + rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-tks-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-010: Find users, check for no input --size=" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size= > $TmpDir/pki-user-find-tks-006.out 2>&1" \ + 255 \ + "No users returned, as --size= " + rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-tks-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-011: Find users, --start=10" + #Find the 10th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find > $TmpDir/pki-user-find-tks-007_1.out 2>&1" \ + 0 \ + "Get all users in TKS" + user_entry_10=`cat $TmpDir/pki-user-find-tks-007_1.out | grep "User ID" | head -11 | tail -1` + rlLog "10th entry=$user_entry_10" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=10 > $TmpDir/pki-user-find-tks-007.out 2>&1" \ + 0 \ + "Displays users from the 10th user and the next to the maximum 20 users, if available " + #First user in the response should be the 10th user $user_entry_10 + user_entry_1=`cat $TmpDir/pki-user-find-tks-007.out | grep "User ID" | head -1` + rlLog "1th entry=$user_entry_1" + if [ "$user_entry_1" = "$user_entry_10" ]; then + rlPass "Displays users from the 10th user" + else + rlFail "Display did not start from the 10th user" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-tks-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-012: Find users, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=10000 > $TmpDir/pki-user-find-tks-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-013: Find users, --start with maximum possible input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:9} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=$maximum_check > $TmpDir/pki-user-find-tks-008_2.out 2>&1" \ + 0 \ + "Find users, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-014: Find users, --start with more than maximum possible input" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=$maximum_check > $TmpDir/pki-user-find-tks-008_3.out 2>&1" \ + 255 \ + "Find users, --start with more than maximum possible input" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-find-tks-008_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-015: Find users, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=0 > $TmpDir/pki-user-find-tks-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-user-find-tks-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-016: Find users, --start=-1" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=-1 > $TmpDir/pki-user-find-tks-0010.out 2>&1" \ + 0 \ + "Maximum possible 20 users are returned, starting from the zeroth user" + rlAssertGrep "Number of entries returned 19" "$TmpDir/pki-user-find-tks-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-017: Find users for size input as noninteger, --start=abc" + size_noninteger="abc" + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=$size_noninteger > $TmpDir/pki-user-find-tks-0011.out 2>&1" \ + 255 \ + "Incorrect input to find user" + rlAssertGrep "NumberFormatException: For input string: \"$size_noninteger\"" "$TmpDir/pki-user-find-tks-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-018: Find users, check for no input --start= " + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start= > $TmpDir/pki-user-find-tks-0012.out 2>&1" \ + 255 \ + "No users returned, as --start= " + rlAssertGrep "NumberFormatException: For input string: \"""\"" "$TmpDir/pki-user-find-tks-0012.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-019: Find users, --size=12 --start=12" + #Find 12 users starting from 12th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find > $TmpDir/pki-user-find-tks-00_13_1.out 2>&1" \ + 0 \ + "Get all users in TKS" + user_entry_12=`cat $TmpDir/pki-user-find-tks-00_13_1.out | grep "User ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=12 --size=12 > $TmpDir/pki-user-find-tks-0013.out 2>&1" \ + 0 \ + "Displays users from the 12th user and the next to the maximum 12 users" + #First user in the response should be the 12th user $user_entry_12 + user_entry_1=`cat $TmpDir/pki-user-find-tks-0013.out | grep "User ID" | head -1` + if [ "$user_entry_1" = "$user_entry_12" ]; then + rlPass "Displays users from the 12th user" + else + rlFail "Display did not start from the 12th user" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-user-find-tks-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-020: Find users, --size=0 --start=12" + #Find 12 users starting from 12th user + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find > $TmpDir/pki-user-find-tks-00_14_1.out 2>&1" \ + 0 \ + "Get all users in TKS" + user_entry_12=`cat $TmpDir/pki-user-find-tks-00_14_1.out | grep "User ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=12 --size=0 > $TmpDir/pki-user-find-tks-0014.out 2>&1" \ + 0 \ + "Displays users from the 12th user and 0 users" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-find-tks-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-021: Should not be able to find user using a revoked cert TKS_adminR" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-revoke-adminR-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a revoked admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-revoke-adminR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-022: Should not be able to find users using an agent with revoked cert TKS_agentR" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentR \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-revoke-agentR-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a agent having revoked cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-revoke-agentR-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-023: Should not be able to find users using a valid agent TKS_agentV user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-agentV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a agent cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tks-agentV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-024: Should not be able to find users using orher subsystem role user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${caId}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${caId}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-caadminV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using other subsystem (CA) admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-caadminV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-025: Should not be able to find users using admin user with expired cert TKS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-adminE-002.out 2>&1" \ + 255 \ + "Should not be able to find users using an expired admin cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-adminE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-tks-adminE-002.out" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-026: Should not be able to find users using TKS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_agentE \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-agentE-002.out 2>&1" \ + 255 \ + "Should not be able to find users using an expired agent cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-agentE-002.out" + rlAssertNotGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-find-tks-agentE-002.out" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-027: Should not be able to find users using a TKS_auditV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_auditV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-auditV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a audit cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tks-auditV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-028: Should not be able to find users using a TKS_operatorV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_operatorV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-operatorV-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a operator cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-find-tks-operatorV-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-029: Should not be able to find user using a cert created from a untrusted CA role_user_UTCA" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -t tks \ + user-find --start=1 --size=5 > $TmpDir/pki-user-find-tks-role_user_UTCA-002.out 2>&1" \ + 255 \ + "Should not be able to find users using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-role_user_UTCA-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-030: Should not be able to find user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -c Password \ + -t tks \ + user-find --start=1 --size=5" + echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password -t tks user-find --start=1 --size=5" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-find-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-find-tks-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-031: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Örjan Äke' u25 > $TmpDir/pki-user-find-tks-001_31.out 2>&1" \ + 0 \ + "Adding fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check > $TmpDir/pki-user-show-tks-001_31_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tks-001_31_2.out" + rlAssertGrep "Full name: Örjan Äke" "$TmpDir/pki-user-show-tks-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_find-tks-032: find users when user fullname has i18n characters" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:5} + rlLog "user-add user fullname ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u26 > $TmpDir/pki-user-show-tks-001_32.out 2>&1" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-find --size=$maximum_check > $TmpDir/pki-user-show-tks-001_32_2.out" \ + 0 \ + "Find user with max size" + rlAssertGrep "User ID: u26" "$TmpDir/pki-user-show-tks-001_32_2.out" + rlAssertGrep "Full name: Éric Têko" "$TmpDir/pki-user-show-tks-001_32_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_cleanup-021: Deleting users" + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 27 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + usr=$(eval echo \$user${j}) + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance not installed" + fi +} + diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh new file mode 100755 index 000000000..0f62e2a78 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-add-tks.sh @@ -0,0 +1,725 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cli-user-membership-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-membership-add Add TKS user membership. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/pki-key-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-tks.sh +###################################################################################### + +######################################################################## +run_pki-user-cli-user-membership-add-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + + rlPhaseStartSetup "pki_user_cli_user_membership-add-TKS-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + +if [ "$tks_instance_created" = "TRUE" ] ; then + #Local variables + groupid1="Token Key Service Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-002: pki user-membership configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership > $TmpDir/pki_user_membership_cfg.out 2>&1" \ + 0 \ + "pki user-membership" + rlAssertGrep "Commands:" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-find Find user memberships" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-add Add user membership" "$TmpDir/pki_user_membership_cfg.out" + rlAssertGrep "user-membership-del Remove user membership" "$TmpDir/pki_user_membership_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-003: pki user-membership-add --help configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add --help > $TmpDir/pki_user_membership_add_cfg.out 2>&1" \ + 0 \ + "pki user-membership-add --help" + rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-004: pki user-membership-add configuration test" + rlRun "pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add > $TmpDir/pki_user_membership_add_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-add" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_add_2_cfg.out" + rlAssertGrep "usage: user-membership-add <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-005: Add users to available groups using valid admin user TKS_adminV" + i=1 + while [ $i -lt 7 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-tks-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u$i > $TmpDir/pki-user-membership-add-user-show-tks-00$i.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-006: Add a user to all available groups using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show userall > $TmpDir/pki-user-membership-add-user-show-tks-userall-001.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-add-user-show-tks-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-show-tks-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-show-tks-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-007: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show user1 > $TmpDir/pki-user-membership-add-user-show-tks-user1-001.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-user-membership-add-user-show-tks-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-show-tks-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-show-tks-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" \ + 0 \ + "Adding user userall to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-add user1 \"Administrators\"" + rlLog "Executing: $command" + errmsg="ConflictingOperationException: Attribute or value exists." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-add-user-add-tks-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"$dummy_group\"" + rlLog "Executing: $command" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-009: Should be able to user-membership-add user name with i18n characters" + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÖrjanÄke' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName='ÖrjanÄke' u9" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlLog "Adding the user to the Adminstrators group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-add u9 \"Administrators\"" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-tks-009_2.out" \ + 0 \ + "Adding user with fullname ÖrjanÄke to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-009_2.out" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-tks-009_2.out" + rlLog "Check if the user is added to the group" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-find u9" + rlLog "Executing: $command" + rlRun "$command > $TmpDir/pki-user-membership-add-groupadd-find-tks-009_3.out" \ + 0 \ + "Check user with fullname ÖrjanÄke added to group Administrators" + rlAssertGrep "Group: Administrators" "$TmpDir/pki-user-membership-add-groupadd-find-tks-009_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-010: Should be able to user-membership-add user to group id with i18n characters" + rlLog "user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tks-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tks-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-add-groupadd-tks-010_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-010_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u10 > $TmpDir/pki-user-membership-add-groupadd-find-tks-010_3.out" \ + 0 \ + "Check user ÉricTêko added to group dadministʁasjɔ̃" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-find-tks-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-011: Should not be able to user-membership-add using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminR -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-012: Should not be able to user-membership-add using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_agentR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using an agent with revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-013: Should not be able to user-membership-add using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${TKS_INST}_adminE -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using admin user with expired cert TKS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-014: Should not be able to user-membership-add using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TKS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-015: Should not be able to user-membership-add using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_auditV -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TKS_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-016: Should not be able to user-membership-add using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n ${TKS_INST}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using TKS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-017: Should not be able to user-membership-add using TKS_admin_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-add testuser1 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-add using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-018: User associated with Administrators group only can create a new user" + local user2="testuser2" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_user2\" $user2 > $TmpDir/pki-user-membership-add-user-add-tks-user2-018.out" \ + 0 \ + "Adding user $user2" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "$gid" + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding $user2 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add $user2 \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add $user2 \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-$user2-00$i.out" \ + 0 \ + "Adding user to all groups except administrators group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-$user2-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-$user2-00$i.out" + fi + let i=$i+1 + done + rlLog "Check users group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find $user2 > $TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out" \ + 0 \ + "Find user-membership to groups of $user2" + rlAssertGrep "7 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out" + rlAssertGrep "Number of entries returned 7" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlAssertNotGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out" + rlLog "$user2 is not added to $gid" + else + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-$user2-019.out" + fi + let i=$i+1 + done + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + local requestdn + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User2\" \"$user2\" \ + \"$user2@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $TKS_INST" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n $user2 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_019_1.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${TKS_INST}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-cert-add $user2 --input $TmpDir/validcert_019_1.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user $user2" + #Trying to add a user using $user2 should fail since $user2 is not in Administrators group + local expfile="$TmpDir/expfile_$user2.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n $user2 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test_user u39" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-tks-$user2-002.out" 255 "Should not be able to add users using a non Administrator user" + rlAssertGrep "ForbiddenException: Authorization Error" "$TmpDir/pki-user-add-tks-$user2-002.out" + + #Add $user2 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add $user2 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-tks-usertest2-019_2.out" \ + 0 \ + "Adding user $user2 to group \"$groupid4\"" + rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-tks-usertest2-019_2.out" + rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-tks-usertest2-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find $user2 > $TmpDir/pki-user-membership-add-groupadd-find-tks-usertest1-019_3.out" \ + 0 \ + "Check user-membership to group \"$groupid4\"" + rlAssertGrep "Group: $groupid4" "$TmpDir/pki-user-membership-add-groupadd-find-tks-usertest1-019_3.out" + + #Trying to add a user using $user2 should succeed now since $user2 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n $user2 \ + -c $TEMP_NSS_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test_user u19 > $TmpDir/pki-user-add-tks-019_4.out" \ + 0 \ + "Added new user using Admin user $user2" + rlAssertGrep "Added user \"u19\"" "$TmpDir/pki-user-add-tks-019_4.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-add-tks-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tks-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-add-TKS-019: Should not be able to add user-membership to user that does not exist" + user="testuser4" + command="pki -d $CERTDB_DIR -n ${caId}_adminV -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -t tks user-membership-add $user \"$groupid5\"" + rlLog "Executing: $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add user-membership to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_membership-add-tks-cleanup-001: Deleting the temp directory and users" + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 7 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del userall > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del user1 > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u19 > $TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-u19-001.out" \ + 0 \ + "Deleting user u19" + rlAssertGrep "Deleted user \"u19\"" "$TmpDir/pki-user-del-tks-user-membership-add-user-del-tks-u19-001.out" + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 3 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del testuser$i > $TmpDir/pki-user-membership-add-tks-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-user-membership-add-tks-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${TKS_INST}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh new file mode 100755 index 000000000..424607cf3 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-del-tks.sh @@ -0,0 +1,842 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-membership-del TKS CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-add-tks.sh +###################################################################################### + +run_pki-user-cli-user-membership-del-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + tks_instance_created="False" + + rlPhaseStartSetup "pki_user_cli_user_membership-del-TKS-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + if [ "$tks_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Available groups tks-group-find + groupid1="Token Key Service Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-002: pki user-membership-del --help configuration test" + rlRun "pki user-membership-del --help > $TmpDir/pki_user_membership_del_cfg.out 2>&1" \ + 0 \ + "pki user-membership-del --help" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-003: pki user-membership-del configuration test" + rlRun "pki user-membership-del > $TmpDir/pki_user_membership_del_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-del" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_del_2_cfg.out" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID> \[OPTIONS...\]" "$TmpDir/pki_user_membership_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-004: Delete user-membership when user is added to different groups" + i=1 + while [ $i -lt 7 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-add-user-add-tks-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-add-tks-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u$i > $TmpDir/pki-user-membership-add-user-show-tks-00$i.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-add-user-show-tks-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u$i > $TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del u$i \"$gid\" > $TmpDir/pki-user-membership-del-groupdel-del-tks-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupdel-del-tks-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-005: Delete user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-add-user-add-tks-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-tks-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall > $TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out" \ + 0 \ + "Check user membership with group \"$gid\"" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-add-groupadd-find-tks-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del userall \"$gid\" > $TmpDir/pki-user-membership-del-groupadd-tks-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted membership in group \"$gid\"" "$TmpDir/pki-user-membership-del-groupadd-tks-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-006: Missing required option <Group id> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add user1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del user1 > $TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out 2>&1" \ + 255 \ + "Cannot delete user from group, Missing required option <Group id>" + rlAssertGrep "usage: user-membership-del <User ID> <Group ID>" "$TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-007: Missing required option <User ID> while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-user-membership-add-user-add-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add user2 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del \"\" \"Administrators\" > $TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out 2>&1" \ + 255 \ + "cannot delete user from group, Missing required option <user id>" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-membership-del-groupadd-tks-user1-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-008: Should not be able to user-membership-del using a revoked cert TKS_adminR" + command="pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-009: Should not be able to user-membership-del using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-010: Should not be able to user-membership-del using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete user-membership using a valid agent cert TKS_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-011: Should not be able to user-membership-del using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -c $CERTDB_DIR_PASSWORD -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using admin user with expired cert TKS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-012: Should not be able to user-membership-del using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TKS_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-013: Should not be able to user-membership-del using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TKS_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-014: Should not be able to user-membership-del using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using TKS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-015: Should not be able to user-membership-del using TKS_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -c $UNTRUSTED_CERT_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user2 \"Administrators\"" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to user-membership-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-016: Delete user-membership for user fullname with i18n characters" + rlLog "user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u10" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u10" \ + 0 \ + "Adding user fullname ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tks-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tks-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u10 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-tks-017_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-tks-017_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-tks-017_2.out" + rlLog "Delete user-membership from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del u10 'dadministʁasjɔ̃' > $TmpDir/pki-user-membership-del-tks-017_3.out" \ + 0 \ + "Delete user-membership from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-tks-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-tks-017_4.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-017: Delete user-membership for user fullname with i18n characters" + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÖrjanÄke' u11 > $TmpDir/pki-user-add-tks-018.out 2>&1" \ + 0 \ + "Adding user full name ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-user-add-tks-018.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-user-add-tks-018.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u11 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-tks-018_2.out" \ + 0 \ + "Adding user with full name ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-tks-018_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-del-groupadd-tks-018_2.out" + rlLog "Delete user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del u11 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-del-groupadd-del-tks-018_3.out" \ + 0 \ + "Delete user-membership from the group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted membership in group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-del-groupadd-del-tks-018_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u11 > $TmpDir/pki-user-membership-del-groupadd-del-tks-018_4.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-del-groupadd-del-tks-018_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-018: Delete user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-del-user-del-tks-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-del-user-del-tks-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-del-user-del-tks-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-del-user-del-tks-019.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-del user123 \"Administrators\"" + rlLog "Executing $command" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete user-membership when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-019: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-user-membership-del-user-del-tks-020.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-user-membership-del-user-del-tks-020.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-user-membership-del-user-del-tks-020.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-user-membership-del-user-del-tks-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u12 \"$groupid4\" > $TmpDir/pki-user-membership-add-groupadd-tks-20_2.out" \ + 0 \ + "Adding user u12 to group \"Administrators\"" + rlAssertGrep "Added membership in \"$groupid4\"" "$TmpDir/pki-user-membership-add-groupadd-tks-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u12 \"$groupid1\" > $TmpDir/pki-user-membership-add-groupadd-tks-20_3.out" \ + 0 \ + "Adding user u12 to group \"$groupid1\"" + rlAssertGrep "Added membership in \"$groupid1\"" "$TmpDir/pki-user-membership-add-groupadd-tks-20_3.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-find Administrators > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-find \"$groupid1\" > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_5.out" \ + 0 \ + "List members of $groupid1 group" + rlAssertGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_5.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u12 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_6.out" \ + 0 \ + "Delete user u12" + rlAssertGrep "Deleted user \"u12\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-find $groupid4 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_7.out" \ + 0 \ + "List members of $groupid4 group" + rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_7.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-member-find \"$groupid1\" > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_8.out" \ + 0 \ + "List members of $groupid1 group" + rlAssertNotGrep "User: u12" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-20_8.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_user_cli_user_membership-del-TKS-020: User deleted from Administrators group cannot create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-user-membership-del-user-add-tks-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add testuser1 \"Administrators\" > $TmpDir/pki-user-membership-add-groupadd-tks-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added membership in \"Administrators\"" "$TmpDir/pki-user-membership-add-groupadd-tks-21_2.out" + + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PASSWORD="Password" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local requestdn + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB $TEMP_NSS_DB_PASSWORD pkcs10 rsa 2048 \"test User1\" \"testuser1\" \ + \"testuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT) $requestdn $caId" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) -n \"${caId}_agentV\" ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $temp_out -t \"u,u,u\"" + + #Add certificate to the user + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $temp_out > $TmpDir/validcert_021_3.pem" + rlRun "pki -d $CERTDB_DIR/ \ + -n \"${prefix}_adminV\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-cert-add testuser1 --input $TmpDir/validcert_021_3.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + local expfile="$TmpDir/expfile_testuser1.out" + echo "spawn -noecho pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test_user u9" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile 2>&1 > $TmpDir/pki-user-add-tks-021_4.out" 0 "Should be able to add users using Administrator user testuser1" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tks-021_4.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tks-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tks-021_4.out" + + #Delete testuser1 from the Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-del testuser1 \"Administrators\" > $TmpDir/pki-user-membership-del-groupdel-del-tks-021_5.out" \ + 0 \ + "User deleted from group \"Administrators\"" + rlAssertGrep "Deleted membership in group \"Administrators\"" "$TmpDir/pki-user-membership-del-groupdel-del-tks-021_5.out" + + #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-add --fullName=test_user u212" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_membership-del-tks-cleanup-001: Deleting the temp directory and users" + + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 7 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 12 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del userall > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del user1 > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" \ + 0 \ + "Deleted user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del user2 > $TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" \ + 0 \ + "Deleted user user2" + rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tks-user-membership-del-user-del-tks-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del user123 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del testuser1 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-testuser1.out" \ + 0 \ + "Deleted user testuser1" + rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-testuser1.out" + + #===Deleting i18n group created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh new file mode 100755 index 000000000..0738eddd7 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-membership-find-tks.sh @@ -0,0 +1,771 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-cli-user-membership-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-membership-find Find TKS user memberships. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-membership-find-tks.sh +###################################################################################### + +run_pki-user-cli-user-membership-find-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + prefix=$subsystemId + rlPhaseStartSetup "pki_user_cli_user_membership-find-TKS-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + if [ "$tks_instance_created" = "TRUE" ] ; then + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + #Local variables + #Available groups tks-group-find + groupid1="Token Key Service Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-002: pki user-membership-find --help configuration test" + rlRun "pki user-membership-find --help > $TmpDir/pki_user_membership_find_cfg.out 2>&1" \ + 0 \ + "pki user-membership-find --help" + rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-003: pki user-membership-find configuration test" + rlRun "pki user-membership-find > $TmpDir/pki_user_membership_find_2_cfg.out 2>&1" \ + 255 \ + "pki user-membership-find" + rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "usage: user-membership-find <User ID> \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--size <size> Page size" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlAssertGrep "\--start <start> Page start" "$TmpDir/pki_user_membership_find_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-004: Find user-membership when user is added to different groups" + i=1 + while [ $i -lt 7 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-user-membership-find-user-find-tks-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-user-membership-find-user-find-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-find-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-find-tks-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u$i > $TmpDir/pki-user-membership-find-user-show-tks-00$i.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-user-membership-find-user-show-tks-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-user-membership-find-user-show-tks-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-user-membership-find-user-show-tks-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u$i \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-membership-add u$i \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-tks-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-tks-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-tks-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u$i > $TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out" \ + 0 \ + "Find user-membership with group \"$gid\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-005: Find user-membership when user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-user-membership-find-user-find-tks-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-user-membership-find-user-find-tks-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-find-tks-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-find-tks-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show userall > $TmpDir/pki-user-membership-find-user-show-tks-userall-001.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-user-membership-find-user-show-tks-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-user-membership-find-user-show-tks-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-user-membership-find-user-show-tks-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add userall \"$gid\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add userall \"$gid\" > $TmpDir/pki-user-membership-find-groupadd-tks-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added membership in \"$gid\"" "$TmpDir/pki-user-membership-find-groupadd-tks-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-tks-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall > $TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out" \ + 0 \ + "Find user-membership to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out" + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-user-membership-find-groupadd-find-tks-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-006: Find user-membership of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=5 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out" + rlAssertGrep "Group: $groupid6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-007: Find all user-memberships of a user (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=0 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out" \ + 0 \ + "Checking user-mambership to group " + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-008: Find user-memberships when page start is negative (start=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=-1 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out" \ + 0 \ + "Checking user-membership to group" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-009: Find user-memberships when page start greater than available number of groups (start=7)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=7 > $TmpDir/pki-user-membership-find-groupadd-find-tks-start-004.out" \ + 0 \ + "Checking user-membership to group" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tks-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-010: Should not be able to find user-membership when page start is non integer" + command="pki -d $CERTDB_DIR -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -t tks user-membership-find userall --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-011: Find user-memberships when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=0 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-006.out" 0 \ + "user_membership-find with size parameter as 0" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-012: Find user-memberships when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=1 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out" 0 \ + "user_membership-find with size parameter as 1" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-013: Find user-memberships when page size is 2 (size=2)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=2 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out" 0 \ + "user_membership-find with size parameter as 2" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out" + rlAssertGrep "Group: $groupid1" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out" + rlAssertGrep "Group: $groupid2" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out" + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-014: Find user-memberships when page size is 5 (size=5)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=5 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out" 0 \ + "user_membership-find with size parameter as 5" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out" + i=1 + while [ $i -lt 6 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-015: Find user-memberships when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=100 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out" 0 \ + "user_membership-find with size parameter as 100" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 6" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-016: Find user-memberships when page size is negative (size=-1)" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=-1 > $TmpDir/pki-user-membership-find-groupadd-find-tks-size-0011.out" 0 \ + "user_membership-find with size parameter as -1" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0011.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-user-membership-find-groupadd-find-tks-size-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-017: Should not be able to find user-membership when page size is non integer" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to start parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-018: Find user-membership with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=4 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=4 --size=5 > $TmpDir/pki-user-membership-find-tks-019.out" \ + 0 \ + "Find user-membership with page start and page size option" + rlAssertGrep "6 entries matched" "$TmpDir/pki-user-membership-find-tks-019.out" + i=5 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlAssertGrep "Group: $gid" "$TmpDir/pki-user-membership-find-tks-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 2" "$TmpDir/pki-user-membership-find-tks-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-019: Find user-membership with --size more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --size=$maximum_check > $TmpDir/pki-user-membership-find-tks-020.out 2>&1" \ + 255 \ + "Find user-membership with --size more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-tks-020.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-020: Find user-membership with --start more than maximum possible value" + maximum_check=$(echo $RANDOM$RANDOM$RANDOM$RANDOM) + maximum_check=${maximum_check:1:12} + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find userall --start=$maximum_check > $TmpDir/pki-user-membership-find-tks-021.out 2>&1" \ + 255 \ + "Find user-membership with --start more than maximum possible value" + rlAssertGrep "NumberFormatException: For input string: \"$maximum_check\"" "$TmpDir/pki-user-membership-find-tks-021.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-021: Should not be able to user-membership-find using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-022: Should not be able to user-membership-find using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using an agent with revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-023: Should not be able to user-membership-find using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid agent TKS_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-024: Should not be able to user-membership-find using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired admin TKS_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-025: Should not be able to user-membership-find using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a expired agent TKS_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-026: Should not be able to user-membership-find using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid auditor TKS_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-027: Should not be able to user-membership-find using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a valid operator TKS_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-028: Should not be able to user-membership-find using TKS_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n $untrusted_cert_nickname -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -c $UNTRUSTED_CERT_DB_PASSWORD -t tks user-membership-find userall --start=0 --size=5" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find user-membership using a untrusted role_user_UTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-029:Find user-membership for user fullname with i18n characters" + rlLog "user-add user fullname Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u9" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='Éric Têko' u9" \ + 0 \ + "Adding uid ÉricTêko with i18n characters" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-user-membership-add-groupadd-tks-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-add-groupadd-tks-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-add-groupadd-tks-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-user-membership-add-groupadd-tks-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u9 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u9 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-tks-031_2.out" \ + 0 \ + "Adding user ÉricTêko to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-tks-031_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-tks-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u9 > $TmpDir/pki-user-membership-find-groupadd-find-tks-031_3.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-031_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-tks-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-030: Find user-membership for user fullname with i18n characters" + rlLog "user-add user fullname ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÖrjanÄke' u10 > $TmpDir/pki-user-add-tks-032.out 2>&1" \ + 0 \ + "Adding user fullname ÖrjanÄke with i18n characters" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-user-add-tks-032.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-user-add-tks-032.out" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u10 \"dadministʁasjɔ̃\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-add u10 \"dadministʁasjɔ̃\" > $TmpDir/pki-user-membership-find-groupadd-tks-032_2.out" \ + 0 \ + "Adding user ÖrjanÄke to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added membership in \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-membership-find-groupadd-tks-032_2.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-tks-032_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-membership-find u10 > $TmpDir/pki-user-membership-find-groupadd-find-tks-032_3.out" \ + 0 \ + "Find user-membership with group \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-user-membership-find-groupadd-find-tks-032_3.out" + rlAssertGrep "Group: dadministʁasjɔ̃" "$TmpDir/pki-user-membership-find-groupadd-find-tks-032_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_membership-find-TKS-031: Find user-membership when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-user-membership-find-user-find-tks-033.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-user-membership-find-user-find-tks-033.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-user-membership-find-user-find-tks-033.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-user-membership-find-user-find-tks-033.out" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -h $SUBSYSTEM_HOST -t tks user-membership-find user123 --start=6 --size=5" + rlLog "Executing $command" + rlRun "$command > $TmpDir/pki-user-membership-find-user-find-tks-033_2.out" 0 "Find user-membership when uid is not associated with a group" + rlAssertGrep "0 entries matched" "$TmpDir/pki-user-membership-find-user-find-tks-033_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_membership-find-tks-cleanup-001: Deleting the temp directory and users" + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 7 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 11 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del userall > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-userall.out" + + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del user123 > $TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out" \ + 0 \ + "Deleted user user123" + rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tks-user-membership-find-user-del-tks-user123.out" + + #===Deleting i18n group created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh new file mode 100755 index 000000000..39340bc1e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-mod-tks.sh @@ -0,0 +1,1157 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-user-cli +# Description: PKI user-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-mod Modify existing users in the pki tks subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath <rpattath@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-mod-tks.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-user-cli-user-mod-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_user_cli_user_mod_tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + if [ "$tks_instance_created" = "TRUE" ] ; then + TKS_HOST=$(eval echo \$${MYROLE}) + TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) + CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) + + user1=tks_user + user1fullname="Test tks user" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + user1_mod_fullname="Test tks user modified" + user1_mod_email="testtksuser@myemail.com" + user1_mod_passwd="Secret1234" + user1_mod_state="NC" + user1_mod_phone="1234567890" + randsym="" + i18nuser=i18nuser + i18nuserfullname="Örjan Äke" + i18nuser_mod_fullname="kakskümmend" + i18nuser_mod_email="kakskümmend@example.com" + eval ${subsystemId}_adminV_user=${subsystemId}_adminV + eval ${subsystemId}_adminR_user=${subsystemId}_adminR + eval ${subsystemId}_adminE_user=${subsystemId}_adminE + eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA + eval ${subsystemId}_agentV_user=${subsystemId}_agentV + eval ${subsystemId}_agentR_user=${subsystemId}_agentR + eval ${subsystemId}_agentE_user=${subsystemId}_agentE + eval ${subsystemId}_auditV_user=${subsystemId}_auditV + eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #### Modify a user's full name #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-002: Modify a user's fullname in TKS using admin user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$user1_mod_fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tks-user-mod-002.out" \ + 0 \ + "Modified $user1 fullname" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-user-mod-002.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-002.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-user-mod-002.out" + rlPhaseEnd + + #### Modify a user's email, phone, state, password #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-003: Modify a user's email,phone,state,password in TKS using admin user" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email $user1_mod_email --phone $user1_mod_phone --state $user1_mod_state --password $user1_mod_passwd $user1 > $TmpDir/pki-tks-user-mod-003.out" \ + 0 \ + "Modified $user1 information" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-user-mod-003.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-003.out" + rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tks-user-mod-003.out" + + rlAssertGrep "Phone: $user1_mod_phone" "$TmpDir/pki-tks-user-mod-003.out" + + rlAssertGrep "State: $user1_mod_state" "$TmpDir/pki-tks-user-mod-003.out" + + rlAssertGrep "Email: $user1_mod_email" "$TmpDir/pki-tks-user-mod-003.out" +rlPhaseEnd + + #### Modify a user's email with characters and numbers #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-004:--email with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email abcdefghijklmnopqrstuvwxyx12345678 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=abcdefghijklmnopqrstuvwxyx12345678 u1 > $TmpDir/pki-tks-user-mod-004.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length" + rlAssertGrep "Modified user \"u1\"" "$TmpDir/pki-tks-user-mod-004.out" + rlAssertGrep "User ID: u1" "$TmpDir/pki-tks-user-mod-004.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-004.out" + rlAssertGrep "Email: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-user-mod-004.out" + rlPhaseEnd + + #### Modify a user's email with maximum length and symbols #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-005:--email with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=\"$randsym\" u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=\"$randsym\" u2 > $TmpDir/pki-tks-user-mod-005.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --email length and character symbols in it" + actual_email_string=`cat $TmpDir/pki-tks-user-mod-005.out | grep "Email: " | xargs echo` + expected_email_string="Email: $randsym" + rlAssertGrep "Modified user \"u2\"" "$TmpDir/pki-tks-user-mod-005.out" + rlAssertGrep "User ID: u2" "$TmpDir/pki-tks-user-mod-005.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-005.out" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "$expected_email_string found" + else + rlFail "$expected_email_string not found" + fi + rlPhaseEnd + + #### Modify a user's email with # character #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-006:--email with # character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email # u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=# u3 > $TmpDir/pki-tks-user-mod-006.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email # character" + rlAssertGrep "Modified user \"u3\"" "$TmpDir/pki-tks-user-mod-006.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-tks-user-mod-006.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-006.out" + rlAssertGrep "Email: #" "$TmpDir/pki-tks-user-mod-006.out" + rlPhaseEnd + + #### Modify a user's email with * character #### + +rlPhaseStartTest "pki_user_cli_user_mod-007:--email with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email * u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=* u4 > $TmpDir/pki-tks-user-mod-007.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email * character" + rlAssertGrep "Modified user \"u4\"" "$TmpDir/pki-tks-user-mod-007.out" + rlAssertGrep "User ID: u4" "$TmpDir/pki-tks-user-mod-007.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-007.out" + rlAssertGrep "Email: *" "$TmpDir/pki-tks-user-mod-007.out" + rlPhaseEnd + + #### Modify a user's email with $ character #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-008:--email with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u5" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email $ u5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=$ u5 > $TmpDir/pki-tks-user-mod-008.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email $ character" + rlAssertGrep "Modified user \"u5\"" "$TmpDir/pki-tks-user-mod-008.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-tks-user-mod-008.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-008.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-tks-user-mod-008.out" + rlPhaseEnd + + #### Modify a user's email with value 0 #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-009:--email as number 0 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u6" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email 0 u6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=0 u6 > $TmpDir/pki-tks-user-mod-009.out " \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --email 0" + rlAssertGrep "Modified user \"u6\"" "$TmpDir/pki-tks-user-mod-009.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-tks-user-mod-009.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-009.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-tks-user-mod-009.out" + rlPhaseEnd + + #### Modify a user's state with characters and numbers #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-010:--state with characters and numbers " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u7" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state abcdefghijklmnopqrstuvwxyx12345678 u7" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=abcdefghijklmnopqrstuvwxyx12345678 u7 > $TmpDir/pki-tks-user-mod-010.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length" + rlAssertGrep "Modified user \"u7\"" "$TmpDir/pki-tks-user-mod-010.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-tks-user-mod-010.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-010.out" + rlAssertGrep "State: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-user-mod-010.out" + rlPhaseEnd + + #### Modify a user's state with maximum length and symbols #### + +rlPhaseStartTest "pki_user_cli_user_mod-011:--state with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u8" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=\"$randsym\" u8" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=\"$randsym\" u8 > $TmpDir/pki-tks-user-mod-011.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --state length and character symbols in it" + actual_state_string=`cat $TmpDir/pki-tks-user-mod-011.out | grep "State: " | xargs echo` + expected_state_string="State: $randsym" + rlAssertGrep "Modified user \"u8\"" "$TmpDir/pki-tks-user-mod-011.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-tks-user-mod-011.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-011.out" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "$expected_state_string found" + else + rlFail "$expected_state_string not found" + fi + rlPhaseEnd + + #### Modify a user's state with # character #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-012:--state with # character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u9" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state # u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=# u9 > $TmpDir/pki-tks-user-mod-012.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state # character" + rlAssertGrep "Modified user \"u9\"" "$TmpDir/pki-tks-user-mod-012.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-user-mod-012.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-012.out" + rlAssertGrep "State: #" "$TmpDir/pki-tks-user-mod-012.out" + rlPhaseEnd + + #### Modify a user's state with * character #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-013:--state with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u10" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state * u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=* u10 > $TmpDir/pki-tks-user-mod-013.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state * character" + rlAssertGrep "Modified user \"u10\"" "$TmpDir/pki-tks-user-mod-013.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-user-mod-013.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-013.out" + rlAssertGrep "State: *" "$TmpDir/pki-tks-user-mod-013.out" + rlPhaseEnd + + #### Modify a user's state with $ character #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-014:--state with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u11" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state $ u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=$ u11 > $TmpDir/pki-tks-user-mod-014.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state $ character" + rlAssertGrep "Modified user \"u11\"" "$TmpDir/pki-tks-user-mod-014.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-user-mod-014.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-014.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-tks-user-mod-014.out" + rlPhaseEnd + + #### Modify a user's state with number 0 #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-015:--state as number 0 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u12" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state 0 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --state=0 u12 > $TmpDir/pki-tks-user-mod-015.out " \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with --state 0" + rlAssertGrep "Modified user \"u12\"" "$TmpDir/pki-tks-user-mod-015.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-user-mod-015.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-015.out" + rlAssertGrep "State: 0" "$TmpDir/pki-tks-user-mod-015.out" + rlPhaseEnd + + #### Modify a user's phone with characters and numbers #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-016:--phone with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u13" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --phone abcdefghijklmnopqrstuvwxyx12345678 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --phone=abcdefghijklmnopqrstuvwxyx12345678 u13 > $TmpDir/pki-tks-user-mod-016.out" \ + 0 \ + "Modified user using $(eval echo \$${subsystemId}_adminV_user) with maximum --phone length" + rlAssertGrep "Modified user \"u13\"" "$TmpDir/pki-tks-user-mod-016.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-user-mod-016.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-016.out" + rlAssertGrep "Phone: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-user-mod-016.out" + rlPhaseEnd + + #### Modify a user's phone with maximum length and symbols #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-017:--phone with maximum length and symbols " + randsym_b64=$(openssl rand -base64 8193 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | tr -d /) + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test usr1" + special_symbols="#$@*" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone='$randsym$special_symbols' usr1" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using an admin user with maximum length --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with maximum length and numbers only #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-018:--phone with maximum length and numbers only " + randhex=$(openssl rand -hex 1024) + randhex_covup=${randhex^^} + randsym=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --phone=\"$randsym\" usr1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --phone=\"$randsym\" usr1 > $TmpDir/pki-tks-user-mod-018.out"\ + 0 \ + "Modify user with maximum length and numbers only" + rlAssertGrep "Modified user \"usr1\"" "$TmpDir/pki-tks-user-mod-018.out" + rlAssertGrep "User ID: usr1" "$TmpDir/pki-tks-user-mod-018.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-018.out" + rlAssertGrep "Phone: $randsym" "$TmpDir/pki-tks-user-mod-018.out" + rlPhaseEnd + + #### Modify a user's phone with # character #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-019:--phone with \# character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test usr2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone=\"#\" usr2" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with * character #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-020:--phone with * character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test usr3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone=\"*\" usr3" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with $ character #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-021:--phone with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test usr4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone $ usr4" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user using admin user --phone with character symbols in it" + rlPhaseEnd + + #### Modify a user's phone with negative number #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-022:--phone as negative number -1230 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u14" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --phone -1230 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --phone=-1230 u14 > $TmpDir/pki-tks-user-mod-022.out " \ + 0 \ + "Modifying User --phone negative value" + rlAssertGrep "Modified user \"u14\"" "$TmpDir/pki-tks-user-mod-022.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-tks-user-mod-022.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-tks-user-mod-022.out" + rlAssertGrep "Phone: -1230" "$TmpDir/pki-tks-user-mod-022.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/704" + rlPhaseEnd + + #### Modify a user - missing required option user id #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-023-tier1: Modify a user -- missing required option user id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname'" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify user -- missing required option user id" + rlPhaseEnd + + #### Modify a user - all options provided #### + +rlPhaseStartTest "pki_user_cli_user_mod-tks-024-tier1: Modify a user -- all options provided" + email="tks_user2@myemail.com" + user_password="tksuser2Password" + phone="1234567890" + state="NC" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=test u15" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u15 > $TmpDir/pki-tks-user-mod-025.out" \ + 0 \ + "Modify user u15 to TKS -- all options provided" + rlAssertGrep "Modified user \"u15\"" "$TmpDir/pki-tks-user-mod-025.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-tks-user-mod-025.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-025.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-mod-025.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-025.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-025.out" + rlPhaseEnd + + #### Modify a user - password less than 8 characters #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-025: Modify user with --password " + userpw="pass" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod $user1 --fullName='$user1fullname' --password=$userpw" + errmsg="PKIException: The password must be at least 8 characters" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify a user --must be at least 8 characters --password" + rlPhaseEnd + +##### Tests to modify users using revoked cert##### + rlPhaseStartTest "pki_user_cli_user_mod_tks-026: Should not be able to modify user using a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1_mod_fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using an agent user##### + rlPhaseStartTest "pki_user_cli_user_mod_tks-028: Should not be able to modify user using a valid agent user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_mod_tks-029: Should not be able to modify user using an agent user with a revoked cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using a agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify users using expired cert##### + rlPhaseStartTest "pki_user_cli_user_mod_tks-030: Should not be able to modify user using an admin user with expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_mod_tks-031: Should not be able to modify user using an agent user with an expired cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify users using audit users##### + rlPhaseStartTest "pki_user_cli_user_mod_tks-032: Should not be able to modify user using an auditor user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 using an audit cert" + rlPhaseEnd + + ##### Tests to modify users using operator user### + rlPhaseStartTest "pki_user_cli_user_mod_tks-033: Should not be able to modify user using an operator user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as TKS_operatorV" + rlPhaseEnd + +##### Tests to modify users using role_user_UTCA user's certificate will be issued by an untrusted TKS users##### + rlPhaseStartTest "pki_user_cli_user_mod_tks-034: Should not be able to modify user using a cert created from a untrusted TKS role_user_UTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' $user1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify user $user1 as role_user_UTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_user_cli_user_mod_tks-035: Modify a user -- User ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName='$user1fullname' u17" + errmsg="ResourceNotFoundException: No such object." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing user" + rlPhaseEnd + + #### Modify a user - fullName option is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-036: Modify a user in TKS using an admin user - fullname is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + u16" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --fullName=\"\" u16" + errmsg="BadRequestException: Invalid DN syntax." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying User --fullname is empty" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + #### Modify a user - email is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-037: Modify a user in TKS using TKS admin user - email is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-show u16 > $TmpDir/pki-tks-user-mod-038_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-038_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-038_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-038_1.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-mod-038_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-038_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-038_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=\"\" u16" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=\"\" u16 > $TmpDir/pki-tks-user-mod-038_2.out" \ + 0 \ + "Modifying $user1 with empty email" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tks-user-mod-038_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-038_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-038_2.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-038_2.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-038_2.out" + rlPhaseEnd + + #### Modify a user - phone is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-038: Modify a user in TKS using TKS_adminV - phone is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-show u16 > $TmpDir/pki-tks-user-mod-039_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-039_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-039_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-039_1.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-tks-user-mod-039_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-039_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --phone=\"\" u16" + rlRun "$command" 0 "Successfully updated phone to empty value" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlPhaseEnd + + #### Modify a user - state option is empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-039: Modify a user in TKS using an admin user in TKS - state is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-show u16 > $TmpDir/pki-tks-user-mod-040_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-040_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-040_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-040_1.out" + rlAssertGrep "State: $state" "$TmpDir/pki-tks-user-mod-040_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --state=\"\" u16" + rlRun "$command" 0 "Successfully updated phone to empty value" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/836" + rlPhaseEnd + + +##### Tests to modify TKS users with the same value #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-040: Modify a user in TKS using an admin user - fullname same old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-show $user1 > $TmpDir/pki-tks-user-mod-041_1.out" + rlAssertGrep "User \"$user1\"" "$TmpDir/pki-tks-user-mod-041_1.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-041_1.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-user-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$user1_mod_fullname\" $user1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$user1_mod_fullname\" $user1 > $TmpDir/pki-tks-user-mod-041_2.out" \ + 0 \ + "Modifying $user1 with same old fullname" + rlAssertGrep "Modified user \"$user1\"" "$TmpDir/pki-tks-user-mod-041_2.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-tks-user-mod-041_2.out" + rlAssertGrep "Full name: $user1_mod_fullname" "$TmpDir/pki-tks-user-mod-041_2.out" + rlPhaseEnd + +##### Tests to modify CA users adding values to params which were previously empty #### + + rlPhaseStartTest "pki_user_cli_user_mod_tks-041: Modify a user in TKS using an admin user - adding values to params which were previously empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-show u16 > $TmpDir/pki-tks-user-mod-042_1.out" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-tks-user-mod-042_1.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-042_1.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-042_1.out" + rlAssertNotGrep "Email:" "$TmpDir/pki-tks-user-mod-042_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=\"$email\" u16" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --email=\"$email\" u16 > $TmpDir/pki-tks-user-mod-042_2.out" \ + 0 \ + "Modifying u16 with new value for phone which was previously empty" + rlAssertGrep "Modified user \"u16\"" "$TmpDir/pki-tks-user-mod-042_2.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-tks-user-mod-042_2.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-tks-user-mod-042_2.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-tks-user-mod-042_2.out" + rlPhaseEnd + +##### Tests to modify TKS users having i18n chars in the fullname #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-042: Modify a user's fullname having i18n chars in TKS using an admin user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"$i18nuserfullname\" $i18nuser" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-mod --fullName=\"$i18nuser_mod_fullname\" $i18nuser > $TmpDir/pki-tks-user-mod-043.out" \ + 0 \ + "Modified $i18nuser fullname" + rlAssertGrep "Modified user \"$i18nuser\"" "$TmpDir/pki-tks-user-mod-043.out" + rlAssertGrep "User ID: $i18nuser" "$TmpDir/pki-tks-user-mod-043.out" + rlAssertGrep "Full name: $i18nuser_mod_fullname" "$TmpDir/pki-tks-user-mod-043.out" + rlPhaseEnd + +##### Tests to modify TKS users having i18n chars in email #### + +rlPhaseStartTest "pki_user_cli_user_mod_tks-043: Modify a user's email having i18n chars in TKS using an admin user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks user-mod --email=$i18nuser_mod_email $i18nuser" + errmsg="PKIException: LDAP error (21): error result" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modified $i18nuser email should fail" + rlLog "FAIL:https://fedorahosted.org/pki/ticket/860" + rlPhaseEnd + +#===Deleting users===# +rlPhaseStartCleanup "pki_user_cli_user_tks_cleanup: Deleting role users" + + i=1 + while [ $i -lt 17 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out" + let i=$i+1 + done + + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del usr$i > $TmpDir/pki-usr-del-tks-usr-00$i.out" \ + 0 \ + "Deleted user usr$i" + rlAssertGrep "Deleted user \"usr$i\"" "$TmpDir/pki-usr-del-tks-usr-00$i.out" + let i=$i+1 + done + + j=1 + while [ $j -lt 2 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del $i18nuser > $TmpDir/pki-user-del-tks-i18nuser-001.out" \ + 0 \ + "Deleted user $i18nuser" + rlAssertGrep "Deleted user \"$i18nuser\"" "$TmpDir/pki-user-del-tks-i18nuser-001.out" +$i18nuser + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + + rlPhaseEnd + else + rlLog "TKS instance not installed" + fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh new file mode 100755 index 000000000..0db5663dd --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-user-cli/tks/pki-user-cli-user-show-tks.sh @@ -0,0 +1,1193 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-user-cli +# Description: PKI user-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-user-cli-user-show Show TKS users +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Asha Akkiangady <aakkiang@redhat.com> +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2015 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. /opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-user-cli-user-show-tks.sh +###################################################################################### + +######################################################################## +run_pki-user-cli-user-show-tks_tests(){ + subsystemId=$1 + SUBSYSTEM_TYPE=$2 + MYROLE=$3 + caId=$4 + CA_HOST=$5 + prefix=$subsystemId + rlPhaseStartSetup "pki_user_cli_user_show-tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi + if [ "$tks_instance_created" = "TRUE" ] ; then + #local variables + user1=tks_agent2 + user1fullname="Test tks_agent" + user2=abcdefghijklmnopqrstuvwxyx12345678 + user3=abc# + user4=abc$ + user5=abc@ + user6=abc? + user7=0 + SUBSYSTEM_HOST=$(eval echo \$${MYROLE}) + untrusted_cert_nickname=role_user_UTCA + + + rlPhaseStartTest "pki_user_show-configtest: pki user-show configuration test" + rlRun "pki user-show --help > $TmpDir/pki_user_show_cfg.out 2>&1" \ + 0 \ + "pki user-show" + rlAssertGrep "usage: user-show <User ID> \[OPTIONS...\]" "$TmpDir/pki_user_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_user_show_cfg.out" + rlAssertNotGrep "Error: Certificate database not initialized." "$TmpDir/pki_user_show_cfg.out" + rlPhaseEnd + + ##### Tests to show TKS users #### + rlPhaseStartTest "pki_user_cli_user_show-TKS-001: Add user to TKS using TKS_adminV and show user" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" $user1" \ + 0 \ + "Add user $user1 using ${prefix}_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user1" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user1 > $TmpDir/pki-user-show-tks-001.out" \ + 0 \ + "Show user $user1" + rlAssertGrep "User \"$user1\"" "$TmpDir/pki-user-show-tks-001.out" + rlAssertGrep "User ID: $user1" "$TmpDir/pki-user-show-tks-001.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-002: maximum length of user id" + user2=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user2" \ + 0 \ + "Add user $user2 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user2 > $TmpDir/pki-user-show-tks-001_1.out" \ + 0 \ + "Show $user2 user" + rlAssertGrep "User \"$user2\"" "$TmpDir/pki-user-show-tks-001_1.out" + actual_userid_string=`cat $TmpDir/pki-user-show-tks-001_1.out | grep 'User ID:' | xargs echo` + expected_userid_string="User ID: $user2" + if [[ $actual_userid_string = $expected_userid_string ]] ; then + rlPass "User ID: $user2 found" + else + rlFail "User ID: $user2 not found" + fi + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-003: User id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user3" \ + 0 \ + "Add user $user3 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user3 > $TmpDir/pki-user-show-tks-001_2.out" \ + 0 \ + "Show $user3 user" + rlAssertGrep "User \"$user3\"" "$TmpDir/pki-user-show-tks-001_2.out" + rlAssertGrep "User ID: $user3" "$TmpDir/pki-user-show-tks-001_2.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-004: User id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user4" \ + 0 \ + "Add user $user4 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user4 > $TmpDir/pki-user-show-tks-001_3.out" \ + 0 \ + "Show $user4 user" + rlAssertGrep "User \"$user4\"" "$TmpDir/pki-user-show-tks-001_3.out" + rlAssertGrep "User ID: abc\\$" "$TmpDir/pki-user-show-tks-001_3.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-005: User id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user5" \ + 0 \ + "Add $user5 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user5 > $TmpDir/pki-user-show-tks-001_4.out" \ + 0 \ + "Show $user5 user" + rlAssertGrep "User \"$user5\"" "$TmpDir/pki-user-show-tks-001_4.out" + rlAssertGrep "User ID: $user5" "$TmpDir/pki-user-show-tks-001_4.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-006: User id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user6" \ + 0 \ + "Add $user6 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user6 > $TmpDir/pki-user-show-tks-001_5.out" \ + 0 \ + "Show $user6 user" + rlAssertGrep "User \"$user6\"" "$TmpDir/pki-user-show-tks-001_5.out" + rlAssertGrep "User ID: $user6" "$TmpDir/pki-user-show-tks-001_5.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-007: User id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test $user7" \ + 0 \ + "Add user $user7 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show $user7 > $TmpDir/pki-user-show-tks-001_6.out" \ + 0 \ + "Show user $user7" + rlAssertGrep "User \"$user7\"" "$TmpDir/pki-user-show-tks-001_6.out" + rlAssertGrep "User ID: $user7" "$TmpDir/pki-user-show-tks-001_6.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-008: --email with maximum length" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=\"$email\" u1" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u1 > $TmpDir/pki-user-show-tks-001_7.out" \ + 0 \ + "Show user u1" + rlAssertGrep "User \"u1\"" "$TmpDir/pki-user-show-tks-001_7.out" + rlAssertGrep "User ID: u1" "$TmpDir/pki-user-show-tks-001_7.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_7.out" + actual_email_string=`cat $TmpDir/pki-user-show-tks-001_7.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-009: --email with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + email=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + email=$email$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email='$email' u2" \ + 0 \ + "Added user using ${prefix}_adminV with maximum --email length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u2 > $TmpDir/pki-user-show-tks-001_8.out" \ + 0 \ + "Show user u2" + rlAssertGrep "User \"u2\"" "$TmpDir/pki-user-show-tks-001_8.out" + rlAssertGrep "User ID: u2" "$TmpDir/pki-user-show-tks-001_8.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_8.out" + actual_email_string=`cat $TmpDir/pki-user-show-tks-001_8.out | grep Email: | xargs echo` + expected_email_string="Email: $email" + if [[ $actual_email_string = $expected_email_string ]] ; then + rlPass "Email: $email found" + else + rlFail "Email: $email not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-010: --email with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=# u3" \ + 0 \ + "Add user u3 using pki ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u3 > $TmpDir/pki-user-show-tks-001_9.out" \ + 0 \ + "Add user u3" + rlAssertGrep "User \"u3\"" "$TmpDir/pki-user-show-tks-001_9.out" + rlAssertGrep "User ID: u3" "$TmpDir/pki-user-show-tks-001_9.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_9.out" + rlAssertGrep "Email: #" "$TmpDir/pki-user-show-tks-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-011: --email with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=* u4" \ + 0 \ + "Add user u4 using pki ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u4 > $TmpDir/pki-user-show-tks-001_10.out" \ + 0 \ + "Show user u4 using ${prefix}_adminV" + rlAssertGrep "User \"u4\"" "$TmpDir/pki-user-show-tks-001_10.out" + rlAssertGrep "User ID: u4" "$TmpDir/pki-user-show-tks-001_10.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_10.out" + rlAssertGrep "Email: *" "$TmpDir/pki-user-show-tks-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-012: --email with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=$ u5" \ + 0 \ + "Add user u5 using pki ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u5 > $TmpDir/pki-user-show-tks-001_11.out" \ + 0 \ + "Show user u5 using ${prefix}_adminV" + rlAssertGrep "User \"u5\"" "$TmpDir/pki-user-show-tks-001_11.out" + rlAssertGrep "User ID: u5" "$TmpDir/pki-user-show-tks-001_11.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_11.out" + rlAssertGrep "Email: \\$" "$TmpDir/pki-user-show-tks-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-013: --email as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --email=0 u6" \ + 0 \ + "Add user u6 using pki ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u6 > $TmpDir/pki-user-show-tks-001_12.out" \ + 0 \ + "Show user u6 using ${prefix}_adminV" + rlAssertGrep "User \"u6\"" "$TmpDir/pki-user-show-tks-001_12.out" + rlAssertGrep "User ID: u6" "$TmpDir/pki-user-show-tks-001_12.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_12.out" + rlAssertGrep "Email: 0" "$TmpDir/pki-user-show-tks-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-014: --state with maximum length" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2047 | tr -d '\n') + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=\"$state\" u7 " \ + 0 \ + "Add user u7 using pki ${prefix}_adminV with maximum --state length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u7 > $TmpDir/pki-user-show-tks-001_13.out" \ + 0 \ + "Show user u7 using ${prefix}_adminV" + rlAssertGrep "User \"u7\"" "$TmpDir/pki-user-show-tks-001_13.out" + rlAssertGrep "User ID: u7" "$TmpDir/pki-user-show-tks-001_13.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_13.out" + actual_state_string=`cat $TmpDir/pki-user-show-tks-001_13.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-show-tks-001_13.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-show-tks-001_13.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-015: --state with maximum length and symbols" + specialcharacters="!?@~#*^_+$" + state=$(openssl rand -base64 30000 | strings | grep -io [[:alnum:]] | head -n 2037 | tr -d '\n') + state=$state$specialcharacters + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state='$state' u8" \ + 0 \ + "Add user u8 using pki ${prefix}_adminV with maximum --state length and symbols" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u8 > $TmpDir/pki-user-show-tks-001_14.out" \ + 0 \ + "Show user u8 using ${prefix}_adminV" + rlAssertGrep "User \"u8\"" "$TmpDir/pki-user-show-tks-001_14.out" + rlAssertGrep "User ID: u8" "$TmpDir/pki-user-show-tks-001_14.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_14.out" + actual_state_string=`cat $TmpDir/pki-user-show-tks-001_14.out | grep State: | xargs echo` + expected_state_string="State: $state" + if [[ $actual_state_string = $expected_state_string ]] ; then + rlPass "State: $state found in $TmpDir/pki-user-show-tks-001_14.out" + else + rlFail "State: $state not found in $TmpDir/pki-user-show-tks-001_14.out" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-016: --state with # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=# u9" \ + 0 \ + "Added user using ${prefix}_adminV with --state # character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u9 > $TmpDir/pki-user-show-tks-001_15.out" \ + 0 \ + "Show user u9 using ${prefix}_adminV" + rlAssertGrep "User \"u9\"" "$TmpDir/pki-user-show-tks-001_15.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-show-tks-001_15.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_15.out" + rlAssertGrep "State: #" "$TmpDir/pki-user-show-tks-001_15.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-017: --state with * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=* u10" \ + 0 \ + "Adding user using ${prefix}_adminV with --state * character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u10 > $TmpDir/pki-user-show-tks-001_16.out" \ + 0 \ + "Show user u10 using ${prefix}_adminV" + rlAssertGrep "User \"u10\"" "$TmpDir/pki-user-show-tks-001_16.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-user-show-tks-001_16.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_16.out" + rlAssertGrep "State: *" "$TmpDir/pki-user-show-tks-001_16.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-018: --state with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=$ u11" \ + 0 \ + "Adding user using ${prefix}_adminV with --state $ character" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u11 > $TmpDir/pki-user-show-tks-001_17.out" \ + 0 \ + "Show user u11 using ${prefix}_adminV" + rlAssertGrep "User \"u11\"" "$TmpDir/pki-user-show-tks-001_17.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-user-show-tks-001_17.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_17.out" + rlAssertGrep "State: \\$" "$TmpDir/pki-user-show-tks-001_17.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-019: --state as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --state=0 u12" \ + 0 \ + "Adding user using ${prefix}_adminV with --state 0" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u12 > $TmpDir/pki-user-show-tks-001_18.out" \ + 0 \ + "Show pki ${prefix}_adminV user" + rlAssertGrep "User \"u12\"" "$TmpDir/pki-user-show-tks-001_18.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-user-show-tks-001_18.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_18.out" + rlAssertGrep "State: 0" "$TmpDir/pki-user-show-tks-001_18.out" + rlPhaseEnd + + #https://www.redhat.com/archives/pki-users/2010-February/msg00015.html + rlPhaseStartTest "pki_user_cli_user_show-TKS-020: --phone with maximum length" + phone=`echo $RANDOM` + stringlength=0 + while [[ $stringlength -lt 2049 ]] ; do + phone="$phone$RANDOM" + stringlength=`echo $phone | wc -m` + done + phone=`echo $phone | cut -c1-2047` + rlLog "phone=$phone" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=\"$phone\" u13" \ + 0 \ + "Adding user using ${prefix}_adminV with maximum --phone length" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u13 > $TmpDir/pki-user-show-tks-001_19.out" \ + 0 \ + "Show user u13 using ${prefix}_adminV" + rlAssertGrep "User \"u13\"" "$TmpDir/pki-user-show-tks-001_19.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-user-show-tks-001_19.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_19.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tks-001_19.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-021: --phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --phone=-1230 u14" \ + 0 \ + "Adding user using ${prefix}_adminV with --phone as negative number -1230" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-show u14 > $TmpDir/pki-user-show-tks-001_24.out" \ + 0 \ + "Show user u14 using ${prefix}_adminV" + rlAssertGrep "User \"u14\"" "$TmpDir/pki-user-show-tks-001_24.out" + rlAssertGrep "User ID: u14" "$TmpDir/pki-user-show-tks-001_24.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_24.out" + rlAssertGrep "Phone: -1230" "$TmpDir/pki-user-show-tks-001_24.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-022: --type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=Auditors u15" \ + 0 \ + "Adding user using ${prefix}_adminV with --type as Auditors" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u15 > $TmpDir/pki-user-show-tks-001_25.out" \ + 0 \ + "Show user u15 using ${prefix}_adminV" + rlAssertGrep "User \"u15\"" "$TmpDir/pki-user-show-tks-001_25.out" + rlAssertGrep "User ID: u15" "$TmpDir/pki-user-show-tks-001_25.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_25.out" + rlAssertGrep "Type: Auditors" "$TmpDir/pki-user-show-tks-001_25.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-023: --type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Certificate Manager Agents\" u16" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Certificate Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u16 > $TmpDir/pki-user-show-tks-001_26.out" \ + 0 \ + "Show user u16 using ${prefix}_adminV" + rlAssertGrep "User \"u16\"" "$TmpDir/pki-user-show-tks-001_26.out" + rlAssertGrep "User ID: u16" "$TmpDir/pki-user-show-tks-001_26.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_26.out" + rlAssertGrep "Type: Certificate Manager Agents" "$TmpDir/pki-user-show-tks-001_26.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-024: --type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Registration Manager Agents\" u17" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Registration Manager Agents" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u17 > $TmpDir/pki-user-show-tks-001_27.out" \ + 0 \ + "Show user u17 using ${prefix}_adminV" + rlAssertGrep "User \"u17\"" "$TmpDir/pki-user-show-tks-001_27.out" + rlAssertGrep "User ID: u17" "$TmpDir/pki-user-show-tks-001_27.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_27.out" + rlAssertGrep "Type: Registration Manager Agents" "$TmpDir/pki-user-show-tks-001_27.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-025: --type Subsystem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Subsystem Group\" u18" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Subsystem Group" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-show u18 > $TmpDir/pki-user-show-tks-001_28.out" \ + 0 \ + "Show user u18 using ${prefix}_adminV" + rlAssertGrep "User \"u18\"" "$TmpDir/pki-user-show-tks-001_28.out" + rlAssertGrep "User ID: u18" "$TmpDir/pki-user-show-tks-001_28.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_28.out" + rlAssertGrep "Type: Subsystem Group" "$TmpDir/pki-user-show-tks-001_28.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-026: --type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Security Domain Administrators\" u19" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Security Domain Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u19 > $TmpDir/pki-user-show-tks-001_29.out" \ + 0 \ + "Show user u19 using ${prefix}_adminV" + rlAssertGrep "User \"u19\"" "$TmpDir/pki-user-show-tks-001_29.out" + rlAssertGrep "User ID: u19" "$TmpDir/pki-user-show-tks-001_29.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_29.out" + rlAssertGrep "Type: Security Domain Administrators" "$TmpDir/pki-user-show-tks-001_29.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-027: --type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=ClonedSubsystems u20" \ + 0 \ + "Adding user using ${prefix}_adminV with --type ClonedSubsystems" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u20 > $TmpDir/pki-user-show-tks-001_30.out" \ + 0 \ + "Show user u20 using ${prefix}_adminV" + rlAssertGrep "User \"u20\"" "$TmpDir/pki-user-show-tks-001_30.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-user-show-tks-001_30.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_30.out" + rlAssertGrep "Type: ClonedSubsystems" "$TmpDir/pki-user-show-tks-001_30.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-028: --type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=test --type=\"Trusted Managers\" u21" \ + 0 \ + "Adding user using ${prefix}_adminV with --type Trusted Managers" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u21 > $TmpDir/pki-user-show-tks-001_31.out" \ + 0 \ + "Show user u21 using ${prefix}_adminV" + rlAssertGrep "User \"u21\"" "$TmpDir/pki-user-show-tks-001_31.out" + rlAssertGrep "User ID: u21" "$TmpDir/pki-user-show-tks-001_31.out" + rlAssertGrep "Full name: test" "$TmpDir/pki-user-show-tks-001_31.out" + rlAssertGrep "Type: Trusted Managers" "$TmpDir/pki-user-show-tks-001_31.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-029: Show user with -t tks option" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" u22" \ + 0 \ + "Adding user u22 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u22 > $TmpDir/pki-user-show-tks-001_32.out" \ + 0 \ + "Show user u22 using ${prefix}_adminV" + rlAssertGrep "User \"u22\"" "$TmpDir/pki-user-show-tks-001_32.out" + rlAssertGrep "User ID: u22" "$TmpDir/pki-user-show-tks-001_32.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001_32.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-030: Add a user -- all options provided" + email="ca_agent2@myemail.com" + user_password="agent2Password" + phone="1234567890" + state="NC" + type="Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName=\"$user1fullname\" \ + --email $email \ + --password $user_password \ + --phone $phone \ + --state $state \ + --type $type \ + u23" \ + 0 \ + "Adding user u23 using ${prefix}_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u23 > $TmpDir/pki-user-show-tks-001_33.out" \ + 0 \ + "Show user u23 using ${prefix}_adminV" + rlAssertGrep "User \"u23\"" "$TmpDir/pki-user-show-tks-001_33.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-001_33.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001_33.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-tks-001_33.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tks-001_33.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-tks-001_33.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-show-tks-001_33.out" + rlPhaseEnd + + #Negative Cases + rlPhaseStartTest "pki_user_cli_user_show-TKS-031: Missing required option user id" + command="pki -d $CERTDB_DIR -n ${prefix}_adminV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show" + rlLog "Executing $command" + errmsg="Error: No User ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show user without user id" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-032: Checking if user id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show U23 > $TmpDir/pki-user-show-tks-001_35.out 2>&1" \ + 0 \ + "User ID is not case sensitive" + rlAssertGrep "User \"U23\"" "$TmpDir/pki-user-show-tks-001_35.out" + rlAssertGrep "User ID: u23" "$TmpDir/pki-user-show-tks-001_35.out" + rlAssertGrep "Full name: $user1fullname" "$TmpDir/pki-user-show-tks-001_35.out" + rlAssertGrep "Email: $email" "$TmpDir/pki-user-show-tks-001_35.out" + rlAssertGrep "Phone: $phone" "$TmpDir/pki-user-show-tks-001_35.out" + rlAssertGrep "Type: $type" "$TmpDir/pki-user-show-tks-001_35.out" + rlAssertGrep "State: $state" "$TmpDir/pki-user-show-tks-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-033: Should not be able to show user using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n ${prefix}_adminR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-034: Should not be able to show user using a agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1202" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-035: Should not be able to show user using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n ${prefix}_agentV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-036: Should not be able to show user using a TKS_agentR user" + rlLog "To test error message consistency for the request pki_user_cli_user_show-TKS-034" + command="pki -d $CERTDB_DIR -n ${prefix}_agentR -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT)-t tks user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a revoked agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-037: Should not be able to show user using admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_adminE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-038: Should not be able to show user using TKS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n ${prefix}_agentE -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-039: Should not be able to show user using a TKS_auditV" + command="pki -d $CERTDB_DIR -n ${prefix}_auditV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a audit cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-040: Should not be able to show user using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n ${prefix}_operatorV -c $CERTDB_DIR_PASSWORD -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -t tks user-show u23" + rlLog "Executing $command" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show user u23 using a operator cert" + rlLog "PKI TICKET :: https://fedorahosted.org/pki/ticket/965" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-041: Should not be able to show user using a cert created from a untrusted CA role_user_UTCA" + rlLog "Executing: pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u23" + rlRun "pki -d $UNTRUSTED_CERT_DB_LOCATION \ + -n $untrusted_cert_nickname \ + -c $UNTRUSTED_CERT_DB_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u23 > $TmpDir/pki-user-show-tks-role_user_UTCA-002.out 2>&1" \ + 255 \ + "Should not be able to show user u23 using a untrusted cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-tks-role_user_UTCA-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-tks-042: Should not be able to show user using a user cert" + #Create a user cert + local TEMP_NSS_DB="$TmpDir/nssdb" + local ret_reqstatus + local ret_requestid + local valid_serialNumber + local temp_out="$TmpDir/usercert-show.out" + rlRun "create_cert_request $TEMP_NSS_DB Password pkcs10 rsa 2048 \"pki User1\" \"pkiUser1\" \ + \"pkiuser1@example.org\" \"Engineering\" \"Example.Inc\" "US" "--" "ret_reqstatus" "ret_requestid" $CA_HOST $(eval echo \$${caId}_UNSECURE_PORT)" 0 "Generating pkcs10 Certificate Request" + rlLog "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1" + rlRun "pki -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD -n \"${caId}_agentV\" -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) ca-cert-request-review $ret_requestid \ + --action approve 1> $TmpDir/pki-approve-out" 0 "Approve Certificate requeset" + rlAssertGrep "Approved certificate request $ret_requestid" "$TmpDir/pki-approve-out" + rlLog "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid | grep \"Certificate ID\" | sed 's/ //g' | cut -d: -f2)" + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-request-show $ret_requestid > $TmpDir/usercert-show1.out" + valid_serialNumber=`cat $TmpDir/usercert-show1.out | grep 'Certificate ID' | sed 's/ //g' | cut -d: -f2` + rlLog "valid_serialNumber=$valid_serialNumber" + #Import user certs to $TEMP_NSS_DB + rlRun "pki -h $CA_HOST -p $(eval echo \$${caId}_UNSECURE_PORT) cert-show $valid_serialNumber --encoded > $temp_out" 0 "command pki cert-show $valid_serialNumber --encoded" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $temp_out -t "u,u,u"" + local expfile="$TmpDir/expfile_pkiuser1.out" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c Password \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u13" + echo "spawn -noecho pki -h $SUBSYSTEM_HOST -p $(eval echo \$${subsystemId}_UNSECURE_PORT) -d $TEMP_NSS_DB -n pkiUser1 -c Password user-show u13" > $expfile + echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)' +Import CA certificate (Y/n)? \"" >> $expfile + echo "send -- \"Y\r\"" >> $expfile + echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile + echo "send -- \"http://$HOSTNAME:$(eval echo \$${caId}_UNSECURE_PORT)/ca\r\"" >> $expfile + echo "expect eof" >> $expfile + echo "catch wait result" >> $expfile + echo "exit [lindex \$result 3]" >> $expfile + rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki-user-show-tks-pkiUser1-002.out 2>&1" 255 "Should not be able to find users using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-user-show-tks-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-043: user id length exceeds maximum limit defined in the schema" + user_length_exceed_max=$(openssl rand -base64 10000 | strings | tr -d '\n') + rlLog "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show \"$user_length_exceed_max\"" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show \"$user_length_exceed_max\" > $TmpDir/pki-user-show-tks-001_50.out 2>&1" \ + 255 \ + "Show user using ${prefix}_adminV with user id length exceed maximum defined in ldap schema" + rlAssertGrep "ProcessingException: Unable to invoke request" "$TmpDir/pki-user-show-tks-001_50.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-044: user name with i18n characters" + rlLog "user-add user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÖrjanÄke' u24 > $TmpDir/pki-user-show-tks-001_56.out 2>&1" \ + 0 \ + "Adding user name ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u24 > $TmpDir/pki-user-show-tks-001_56_2.out" \ + 0 \ + "Show user name with 'ÖrjanÄke'" + rlAssertGrep "User \"u24\"" "$TmpDir/pki-user-show-tks-001_56_2.out" + rlAssertGrep "User ID: u24" "$TmpDir/pki-user-show-tks-001_56_2.out" + rlAssertGrep "Full name: ÖrjanÄke" "$TmpDir/pki-user-show-tks-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_user_cli_user_show-TKS-045: user name with i18n characters" + rlLog "user-add userid ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-add --fullName='ÉricTêko' u25 > $TmpDir/pki-user-show-tks-001_57.out 2>&1" \ + 0 \ + "Adding user name ÉricTêko with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-show u25 > $TmpDir/pki-user-show-tks-001_57_2.out" \ + 0 \ + "Show user name with 'ÉricTêko'" + rlAssertGrep "User \"u25\"" "$TmpDir/pki-user-show-tks-001_57_2.out" + rlAssertGrep "User ID: u25" "$TmpDir/pki-user-show-tks-001_57_2.out" + rlAssertGrep "Full name: ÉricTêko" "$TmpDir/pki-user-show-tks-001_57_2.out" + rlPhaseEnd + + rlPhaseStartCleanup "pki_user_cli_user_cleanup-046: Deleting the temp directory and users" + del_user=(${prefix}_adminV_user ${prefix}_adminR_user ${prefix}_adminE_user role_user_UTCA_user ${prefix}_agentV_user ${prefix}_agentR_user ${prefix}_agentE_user ${prefix}_auditV_user ${prefix}_operatorV_user) + + #===Deleting users created using ${prefix}_adminV cert===# + i=1 + while [ $i -lt 26 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-user-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-user-00$i.out" + let i=$i+1 + done + #===Deleting users(symbols) created using ${prefix}_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval usr=\$user$j + rlRun "pki -d $CERTDB_DIR \ + -n ${prefix}_adminV \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t tks \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + user-del $usr > $TmpDir/pki-user-del-tks-user-symbol-00$j.out" \ + 0 \ + "Deleted user $usr" + rlAssertGrep "Deleted user \"$usr\"" "$TmpDir/pki-user-del-tks-user-symbol-00$j.out" + let j=$j+1 + done + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd + else + rlLog "TKS instance is not installed" + fi +} |