path: root/tests/dogtag/acceptance/install-tests/
diff options
Diffstat (limited to 'tests/dogtag/acceptance/install-tests/')
1 files changed, 470 insertions, 0 deletions
diff --git a/tests/dogtag/acceptance/install-tests/ b/tests/dogtag/acceptance/install-tests/
new file mode 100644
index 000000000..122490e71
--- /dev/null
+++ b/tests/dogtag/acceptance/install-tests/
@@ -0,0 +1,470 @@
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# of /CoreOS/rhcs/acceptance/cli-tests/installer-tests/
+# Description: PKI CA Installer Test
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Author: Saili Pandit <>
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# PURPOSE. See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Include files
+. ./acceptance/quickinstall/
+. ./acceptance/quickinstall/
+. ./acceptance/quickinstall/
+. /opt/rhqa_pki/
+ subsystemId=$1
+ if [ "$TOPO9" = "TRUE" ] ; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ if [[ $subsystemId == SUBCA* ]]; then
+ ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION)
+ prefix=$subsystemId
+ CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD)
+ else
+ prefix=ROOTCA
+ fi
+ else
+ prefix=$MYROLE
+ fi
+ SUBSYSTEM_HOST=$(eval echo \$${MYROLE})
+ INSTANCECFG=/tmp/ca_instance.inf
+ ##### Create a temporary directory to save output files #####
+ rlPhaseStartSetup "pki_run_rhcs_ca_installer_tests: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-001: Installing and Uninstalling CA"
+ run_rhcs_install_packages
+ if [ "$prefix" = "ROOTCA" ]; then
+ run_install_subsystem_RootCA
+ elif [[ $subsystemId = SUBCA* ]]; then
+ run_install_subsystem_subca
+ fi
+ rlRun "pkidaemon status tomcat > $TmpDir/ca-install.out"
+ exp_message2_1="PKI Instance Name: $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlAssertGrep "$exp_message2_1" "$TmpDir/ca-install.out"
+ exp_message2_2="PKI Subsystem Type: Root CA (Security Domain)"
+ rlAssertGrep "$exp_message2_2" "$TmpDir/ca-install.out"
+ rlLog "Uninstall CA tests"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)" > $TmpDir/uninstallCA.out
+ exp_message2_3 "Uninstallation complete" "$TmpDir/uninstallCA.out"
+ rlAssertGrep "$exp_message2_3" "$TmpDir/uninstallCA.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-002: Http port less than 1024"
+ local PORT=1023
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/tmpconfigfile1"
+ sed -i -e "/pki_https_port/s/=.*/=${PORT}/g" $TmpDir/tmpconfigfile1
+ rlRun "pkispawn -s CA -f $TmpDir/tmpconfigfile1 > $TmpDir/port_output_file.out 2>&1" 1 "Should not succeed"
+ exp_message_1="pkispawn : ERROR ....... port $PORT has invalid selinux context hi_reserved_port_t"
+ rlAssertGrep "$exp_message_1" "$TmpDir/port_output_file.out"
+ exp_message_2="Installation failed"
+ rlAssertGrep "$exp_message_2" "$TmpDir/port_output_file.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-003: Cert Tests nickname configurable"
+ rlLog "Checking if the nicknames for the CA certificates are configurable"
+ rlRun "pkispawn -s CA -f $INSTANCECFG"
+ rlRun "certutil -L -d /var/lib/pki/$ROOTCA_TOMCAT_INSTANCE_NAME/alias > $TmpDir/cert_nicknames.out"
+ rlAssertGrep "$exp_messg1_1" "$TmpDir/cert_nicknames.out"
+ rlAssertGrep "$exp_messg1_2" "$TmpDir/cert_nicknames.out"
+ rlAssertGrep "$exp_messg1_3" "$TmpDir/cert_nicknames.out"
+ rlAssertGrep "$exp_messg1_4" "$TmpDir/cert_nicknames.out"
+ rlAssertGrep "$exp_messg1_5" "$TmpDir/cert_nicknames.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-004: security domain parameters"
+ rlLog "Checking if a new security domain gets created for the CA"
+ local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d '=' -f 2)
+ local expfile=$TmpDir/
+ rlLog "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show""
+ echo "spawn -noecho "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d $(eval echo \$${prefix}_CERTDB_DIR) -w $password securitydomain-show"" > $expfile
+ echo "expect \"WARNING: UNTRUSTED ISSUER encountered on '$(eval echo \$${subsystemId}_SSL_SERVER_CERT_SUBJECT_NAME)' indicates a non-trusted CA cert '$(eval echo \$${subsystemId}_SIGNING_CERT_SUBJECT_NAME)'
+ Import CA certificate (Y/n)? \"" >> $expfile
+ echo "send -- \"Y\r\"" >> $expfile
+ echo "expect \"CA server URI \[http://$HOSTNAME:8080/ca\]: \"" >> $expfile
+ echo "send -- \"http://$HOSTNAME:$(eval echo \$${prefix}_UNSECURE_PORT)/ca\r\"" >> $expfile
+ echo "expect eof" >> $expfile
+ echo "catch wait result" >> $expfile
+ echo "exit [lindex \$result 3]" >> $expfile
+ rlRun "/usr/bin/expect -f $expfile > $TmpDir/pki_run_rhcs_ca_installer_tests-security_domain.out 2>&1" 0 "Should be able to get security domain information"
+ exp_messg1_1="Domain: $(hostname -d)"
+ rlAssertGrep "$exp_messg1_1" "$TmpDir/pki_run_rhcs_ca_installer_tests-security_domain.out"
+ exp_messg1_2="Host ID: CA $(hostname) $(eval echo \$${prefix}_SECURE_PORT)"
+ rlAssertGrep "$exp_messg1_2" "$TmpDir/pki_run_rhcs_ca_installer_tests-security_domain.out"
+ exp_messg1_3="Hostname: $(hostname)"
+ rlAssertGrep "$exp_messg1_3" "$TmpDir/pki_run_rhcs_ca_installer_tests-security_domain.out"
+ exp_messg1_4="Port: $(eval echo \$${prefix}_UNSECURE_PORT)"
+ exp_messg1_5="Secure Port: $(eval echo \$${prefix}_SECURE_PORT)"
+ exp_messg1_6="Domain Manager: TRUE"
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-005: same subject dn for two certs"
+ local subjectdn="cn=Common Name, O=Redhat"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_ca_signing_subject_dn=/s/=.*/=${subjectdn}/g" $TmpDir/
+ sed -i -e "/pki_ocsp_signing_subject_dn=/s/=.*/=${subjectdn}/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/nickname-test.out 2>&1" 1 "Should not succeed"
+ exp_message_2="Installation failed"
+ rlAssertGrep "$exp_message_2" "$TmpDir/nickname-test.out"
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlLog "PKI Ticket:"
+ rlPhaseEnd
+# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-006: same nickname for two certs"
+# local nickname=commonname
+# rlLog "Copying config file into temp file"
+# rlRun "cp $INSTANCECFG $TmpDir/"
+# sed -i -e "/pki_ca_signing_nickname=/s/=.*/=${nickname}/g" $TmpDir/
+# sed -i -e "/pki_ocsp_signing_nickname=/s/=.*/=${nickname}/g" $TmpDir/
+# rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/nickname_test.out 2>&1" 1 "Should fail"
+# exp_message_1="certutil: could not decode certificate: SEC_ERROR_REUSED_ISSUER_AND_SERIAL: You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert."
+# rlAssertGrep "$exp_message_1" "$TmpDir/nickname_test.out"
+# exp_message_2="Installation failed"
+# rlAssertGrep "$exp_message_2" "$TmpDir/nickname_test.out"
+# rlLog "PKI Ticket:"
+# rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+# rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-007: wrong ldap port"
+ local port=999
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_ds_ldap_port=/s/=.*/=${port}/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/ldap_port_test.out 2>&1" 1 "Should fail"
+ exp_message_1="ERROR: Unable to access directory server: Can't contact LDAP server"
+ rlAssertGrep "$exp_message_1" "$TmpDir/ldap_port_test.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-008: give existing base dn"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/existing_base_dn_1.out"
+ exp_messg1="The URL for the subsystem is:"
+ rlAssertGrep "$exp_messg1" "$TmpDir/existing_base_dn_1.out"
+ exp_messg2="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)"
+ rlAssertGrep "$exp_messg2" "$TmpDir/existing_base_dn_1.out"
+ sed -i -e "/pki_ds_remove_data=/s/=.*/=False/g" $TmpDir/
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/existing_base_dn_2.out 2>&1" 1 "Should fail"
+ exp_messg3="Installation failed."
+ rlAssertGrep "$exp_messg3" "$TmpDir/existing_base_dn_2.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-009: checking the pkcs12 password"
+ rlRun "pkispawn -s CA -f $INSTANCECFG"
+ local password=$(eval echo \$${prefix}_CLIENT_PKCS12_PASSWORD)
+ rlRun "pk12util -l $CLIENT_DIR/$(eval echo \$${prefix}_ADMIN_CERT_NICKNAME).p12 -W $password > $TmpDir/pkcs12_password.out"
+ exp_messg1="Friendly Name: $(eval echo \$${prefix}_ADMIN_CERT_NICKNAME)"
+ rlAssertGrep "$exp_messg1" "$TmpDir/pkcs12_password.out"
+ exp_messg2="$(eval echo \$${prefix}_ADMIN_CERT_SUBJECT_NAME)"
+ rlAssertGrep "$exp_messg2" "$TmpDir/pkcs12_password.out"
+ #cleanup
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-010: backup keys parameter"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ rlRun "pkispawn -s CA -f $TmpDir/"
+ rlRun "ls /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias > $TmpDir/ldap_backup_keys_test1.out"
+ exp_messg1_1="ca_backup_keys.p12"
+ rlAssertGrep "$exp_messg1_1" "$TmpDir/ldap_backup_keys_test1.out"
+ sed -i -e "/pki_backup_keys=/s/=.*/=False/g" $TmpDir/
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkispawn -s CA -f $TmpDir/"
+ rlRun "ls /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 > $TmpDir/ldap_backup_keys_test2.out" 2 "Should Fail"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-011: backup password"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ rlRun "pkispawn -s CA -f $TmpDir/"
+ rlRun "pk12util -l /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias/ca_backup_keys.p12 -W $(eval echo \$${prefix}_BACKUP_PASSWORD) > $TmpDir/backup_passwd_test.out"
+ exp_messg1_1="Friendly Name: $(eval echo \$${prefix}_SIGNING_CERT_SUBJECT_NAME)"
+ rlAssertGrep "$exp_messg1_1" "$TmpDir/backup_passwd_test.out"
+ exp_messg1_2="Friendly Name: $(eval echo \$${prefix}_OCSP_SIGNING_CERT_SUBJECT_NAME)"
+ rlAssertGrep "$exp_messg1_2" "$TmpDir/backup_passwd_test.out"
+ exp_messg1_3="Friendly Name: $(eval echo \$${prefix}_SUBSYSTEM_CERT_SUBJECT_NAME)"
+ rlAssertGrep "$exp_messg1_3" "$TmpDir/backup_passwd_test.out"
+ exp_messg1_4="Friendly Name: $(eval echo \$${prefix}_AUDIT_SIGNING_CERT_SUBJECT_NAME)"
+ rlAssertGrep "$exp_messg1_4" "$TmpDir/backup_passwd_test.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-012: client database purge"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ rlRun "pkispawn -s CA -f $INSTANCECFG"
+ rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 2 "Should Fail"
+ sed -i -e "/pki_client_database_purge=/s/=.*/=False/g" $TmpDir/
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlRun "pkispawn -s CA -f $TmpDir/"
+ rlRun "ls $(eval echo \$${prefix}_CERTDB_DIR)" 0 "Should succeed"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-013: subject name special characters"
+ local subjectdn="cn=rh@cs/-$%%!!,O=red^hat"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e ' pki_ca_signing_subject_dn= s =.* =cn=rh@cs -$%%!!,O=red^hat g' $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/subjectdn_special_char.out"
+ #expected output & cleanup
+ #installs fine if two % are used but gives an error on just one %
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-014: invalid key size for certificate"
+ local keysize=1234
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_ca_signing_key_size=/s/=.*/=$keysize/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/invalid_key.out 2>&1" 1 "Should fail"
+ exp_messg1="Installation failed."
+ rlAssertGrep "$exp_messg1" "$TmpDir/invalid_key.out"
+ expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ should give a more desciptive error
+ rlLog "PKI Ticket:"
+ rlPhaseEnd
+#### Un comment this test only after the bug is fixed. ####
+# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-015: same port for http and https"
+# local port=30002
+# rlLog "Copying config file into temp file"
+# rlRun "cp $INSTANCECFG $TmpDir/"
+# sed -i -e "/pki_http_port=/s/=.*/=$port/g" $TmpDir/
+# sed -i -e "/pki_https_port=/s/=.*/=$port/g" $TmpDir/
+# rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/same_ports.out 2>&1" 1 "Should fail"
+# Installing CA into /var/lib/pki/pki-subca.
+# Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-subca/ca/deployment.cfg.
+# Traceback (most recent call last):
+# File "/usr/lib64/python2.7/logging/", line 851, in emit
+# msg = self.format(record)
+# File "/usr/lib64/python2.7/logging/", line 724, in format
+# return fmt.format(record)
+# File "/usr/lib64/python2.7/logging/", line 467, in format
+# s = self._fmt % record.__dict__
+# KeyError: 'indent'
+# Logged from file, line 133
+# Installation failed.
+# exp_messg1="Installation failed."
+# rlAssertGrep "$exp_messg1" "$TmpDir/same_ports.out"
+# should give a more desciptive error
+# expected output & cleanup
+# ask about this test
+# rlLog "PKI Ticket:"
+# rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-016: long security domain name"
+ local secdomain_name="This is the security domain for a root ca which is the at the highest level in the CA hierarchy"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_security_domain_name=/s/=.*/=$secdomain_name/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/"
+ local password=$(grep "internal=" /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/conf/password.conf | cut -d "=" -f 2)
+ rlRun "pki -U https://$SUBSYSTEM_HOST:$(eval echo \$${prefix}_SECURE_PORT) -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias -w $password securitydomain-show > $TmpDir/long_sec_domain_name.out"
+ exp_messg1="Domain: $secdomain_name"
+ rlAssertGrep "$exp_messg1" "$TmpDir/long_sec_domain_name.out"
+ #expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-017: wrong ds password"
+ local password=random
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_ds_password=/s/=.*/=$password/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/wrong_ds_passwd.out 2>&1" 1 "Should fail"
+ #expected o/p and cleanup
+ exp_messg1="ERROR: Unable to access directory server: Invalid credentials"
+ rlAssertGrep "$exp_messg1" "$TmpDir/wrong_ds_passwd.out"
+ rlPhaseEnd
+# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-018: instance creation as non root user"
+# local username=rhcs
+# local expfile=$TmpDir/expect-test-018.out
+# local expfile2=$TmpDir/expect-test-018-02.out
+# local password1=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
+# echo "spawn -noecho "passwd"" > $expfile
+# echo "expect \"Changing password for user root \"" >> $expfile
+# echo "expect \"New password: \"" >> $expfile
+# echo "send -- \"$password1\r\"" >> $expfile
+# echo "expect \"Retype new password: \"" >> $expfile
+# echo "send -- \"$password1\r\"" >> $expfile
+# echo "expect eof" >> $expfile
+# echo "catch wait result" >> $expfile
+# echo "exit [lindex \$result 3]" >> $expfile
+# rlRun "/usr/bin/expect -f $expfile > $TmpDir/change_password.out 2>&1"
+# rlRun "adduser $username"
+# rlRun "su $username"
+# rlRun "cp $INSTANCECFG /home/$username/"
+# rlLog "Copying config file into temp file"
+# rlRun "pkispawn -s CA -f /home/$username/ > /home/$username/nonroot.out 2>&1" 1 "Should fail"
+# exp_messg1="'/usr/sbin/pkispawn' must be run as root!"
+# rlAssertGrep "$exp_messg1" "/home/$username/nonroot.out"
+# #expected output & cleanup
+# echo "spawn -noecho "su root"" > $expfile2
+# echo "expect \"password \"" >> $expfile2
+# echo "send -- \"$password1\r\"" >> $expfile2
+# rlRun "/usr/bin/expect -f $expfile2"
+# rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-019: special characters in certificate nickname"
+ local nickname=rh@cs/-$%%!!red^hat
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e ' pki_ca_signing_nickname= s =.*/=rh@cs/-$%%!!red^hat g' $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/subjectdn_special_char.out"
+ #expected output & cleanup
+ #ask about this, same problem as subject dn
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-020: ds password not provided"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_ds_password=/d" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/no_ds_password.out 2>&1" 1 "Should fail"
+ exp_messg1="pkispawn : ERROR A value for 'pki_ds_password' MUST be defined in '$TmpDir/'"
+ rlAssertGrep "$exp_messg1" "$TmpDir/no_ds_password.out"
+ expected output & cleanup
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-021: token and token password"
+ rlRun "pkispawn -s CA -f $INSTANCECFG"
+ local password_token=$(eval echo \$${prefix}_TOKEN_PASSWORD)
+ local password=$(eval echo \$${prefix}_CLIENT_PKCS12_PASSWORD)
+ rlRun "pk12util -l $CLIENT_DIR/$(eval echo \$${prefix}_ADMIN_CERT_NICKNAME).p12 -W $password -K $password_token > $TmpDir/token_password.out"
+ exp_messg1="Friendly Name: $(eval echo \$${prefix}_ADMIN_CERT_NICKNAME)"
+ rlAssertGrep "$exp_messg1" "$TmpDir/token_password.out"
+ exp_messg2="$(eval echo \$${prefix}_ADMIN_CERT_SUBJECT_NAME)"
+ rlAssertGrep "$exp_messg2" "$TmpDir/token_password.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-022: invalid email in admin paramneters"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_admin_email=/s/=.*/=pki-ca-test/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/invalid_email.out 2>&1" 1 "Should fail"
+ exp_messg="Installation failed"
+ rlAssertGrep "$exp_messg" "$TmpDir/invalid_email.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ ###not failing##
+ rlPhaseEnd
+# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-023: skip configuration"
+# rlLog "Copying config file into temp file"
+# rlRun "cp $INSTANCECFG $TmpDir/"
+# sed -i -e "/pki_skip_configuration=/s/=.*/=True/g" $TmpDir/
+# rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/skip_config.out"
+# exp_messg1_1="The CA subsystem of the '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' instance"
+# rlAssertGrep "$exp_messg1_1" "$TmpDir/skip_config.out"
+# exp_messg1_2="must still be configured!"
+# rlAssertGrep "$exp_messg1_2" "$TmpDir/skip_config.out"
+# rlPhaseEnd
+# rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-024: skip installation"
+# rlLog "Copying config file into temp file"
+# rlRun "cp $INSTANCECFG $TmpDir/"
+# sed -i -e "/pki_skip_installation=/s/=.*/=True/g" $TmpDir/
+# rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/skip_install.out"
+# exp_message1="Administrator's username: $(eval echo \$${prefix}_ADMIN_USER)"
+# rlAssertGrep "$exp_message1" "$TmpDir/skip_install.out"
+# exp_message2="$(eval echo \$${prefix}_DOMAIN)"
+# rlAssertGrep "$exp_message2" "$TmpDir/skip_install.out"
+# exp_message3_1="To check the status of the subsystem:"
+# rlAssertGrep "$exp_message3_1" "$TmpDir/skip_install.out"
+# exp_message3_2="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+# rlAssertGrep "$exp_message3_2" "$TmpDir/skip_install.out"
+# exp_message4_1="To restart the subsystem:"
+# rlAssertGrep "$exp_message4_1" "$TmpDir/skip_install.out"
+# exp_message4_2=" systemctl restart pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+# rlAssertGrep "$exp_message4_2" "$TmpDir/skip_install.out"
+# exp_message5="The URL for the subsystem is:"
+# rlAssertGrep "$exp_message5" "$TmpDir/skip_install.out"
+# exp_message5_1="https://$(hostname):$(eval echo \$${prefix}_SECURE_PORT)/ca"
+# rlAssertGrep "$exp_message5_1" "$TmpDir/skip_install.out"
+# rlLog "cleanup"
+# rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+# rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-025: installation when another instance is already running"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/install_1.out"
+ exp_messg1="systemctl status pki-tomcatd@$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME).service"
+ rlAssertGrep "$exp_messg1" "$TmpDir/install_1.out"
+ rlRun "pkispawn -s CA -f $TmpDir/ > $TmpDir/install_2.out 2>&1" 1 "Should Fail"
+ exp_messg2="pkispawn : ERROR ....... PKI subsystem 'CA' for instance '$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)' already exists!"
+ rlAssertGrep "$exp_messg2" "$TmpDir/install_2.out"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_run_rhcs_ca_installer_tests-026: empty nickname for a certificate"
+ rlLog "Copying config file into temp file"
+ rlRun "cp $INSTANCECFG $TmpDir/"
+ sed -i -e "/pki_ca_signing_nickname=/s/=.*/=/g" $TmpDir/
+ rlRun "pkispawn -s CA -f $TmpDir/"
+ rlRun "certutil -L -d /var/lib/pki/$(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)/alias > $TmpDir/empty_nickname.out"
+ exp_messg1="(NULL)"
+ rlAssertGrep "$exp_messg1" "$TmpDir/empty_nickname.out"
+ expected output & cleanup
+ rlLog "cleanup"
+ rlRun "pkidestroy -s CA -i $(eval echo \$${prefix}_TOMCAT_INSTANCE_NAME)"
+ installation goes fine but a null cert gets created which gives segmentation fault on doing a pk12util
+ rlLog "PKI Ticket:"
+ rlPhaseEnd