From c67d952344f4936cc77a61d1db06d272b7f41bc5 Mon Sep 17 00:00:00 2001 
From: Roshni Pattath Date: Thu, 11 Jun 2015 08:12:58 -0400 Subject: OCSP, TKS and TPS group tests --- tests/dogtag/Makefile | 120 ++- .../ocsp/pki-group-cli-group-add-ocsp.sh | 594 +++++++++++ .../ocsp/pki-group-cli-group-del-ocsp.sh | 658 ++++++++++++ .../ocsp/pki-group-cli-group-find-ocsp.sh | 675 ++++++++++++ .../ocsp/pki-group-cli-group-member-add-ocsp.sh | 1109 +++++++++++++++++++ .../ocsp/pki-group-cli-group-member-del-ocsp.sh | 789 ++++++++++++++ .../ocsp/pki-group-cli-group-member-find-ocsp.sh | 811 ++++++++++++++ .../ocsp/pki-group-cli-group-member-show-ocsp.sh | 558 ++++++++++ .../ocsp/pki-group-cli-group-mod-ocsp.sh | 555 ++++++++++ .../ocsp/pki-group-cli-group-show-ocsp.sh | 732 +++++++++++++ .../tks/pki-group-cli-group-add-tks.sh | 594 +++++++++++ .../tks/pki-group-cli-group-del-tks.sh | 658 ++++++++++++ .../tks/pki-group-cli-group-find-tks.sh | 651 ++++++++++++ .../tks/pki-group-cli-group-member-add-tks.sh | 1121 ++++++++++++++++++++ .../tks/pki-group-cli-group-member-del-tks.sh | 801 ++++++++++++++ .../tks/pki-group-cli-group-member-find-tks.sh | 818 ++++++++++++++ .../tks/pki-group-cli-group-member-show-tks.sh | 558 ++++++++++ .../tks/pki-group-cli-group-mod-tks.sh | 554 ++++++++++ .../tks/pki-group-cli-group-show-tks.sh | 732 +++++++++++++ .../tps/pki-group-cli-group-add-tps.sh | 593 +++++++++++ .../tps/pki-group-cli-group-del-tps.sh | 658 ++++++++++++ .../tps/pki-group-cli-group-find-tps.sh | 651 ++++++++++++ .../tps/pki-group-cli-group-member-add-tps.sh | 1119 +++++++++++++++++++ .../tps/pki-group-cli-group-member-del-tps.sh | 799 ++++++++++++++ .../tps/pki-group-cli-group-member-find-tps.sh | 822 ++++++++++++++ .../tps/pki-group-cli-group-member-show-tps.sh | 558 ++++++++++ .../tps/pki-group-cli-group-mod-tps.sh | 557 ++++++++++ .../tps/pki-group-cli-group-show-tps.sh | 732 +++++++++++++ .../pki-ocsp-group-cli-ocsp-group-add.sh | 604 +++++++++++ .../pki-ocsp-group-cli-ocsp-group-del.sh | 634 +++++++++++ .../pki-ocsp-group-cli-ocsp-group-find.sh 
| 656 ++++++++++++ .../pki-ocsp-group-cli-ocsp-group-member-add.sh | 1058 ++++++++++++++++++ .../pki-ocsp-group-cli-ocsp-group-member-del.sh | 757 +++++++++++++ .../pki-ocsp-group-cli-ocsp-group-member-find.sh | 792 ++++++++++++++ .../pki-ocsp-group-cli-ocsp-group-member-show.sh | 530 +++++++++ .../pki-ocsp-group-cli-ocsp-group-mod.sh | 545 ++++++++++ .../pki-ocsp-group-cli-ocsp-group-show.sh | 700 ++++++++++++ .../cli-tests/pki-tests-setup/create-role-users.sh | 89 +- .../pki-tks-group-cli-tks-group-add.sh | 600 +++++++++++ .../pki-tks-group-cli-tks-group-del.sh | 634 +++++++++++ .../pki-tks-group-cli-tks-group-find.sh | 634 +++++++++++ .../pki-tks-group-cli-tks-group-member-add.sh | 1067 +++++++++++++++++++ .../pki-tks-group-cli-tks-group-member-del.sh | 767 ++++++++++++++ .../pki-tks-group-cli-tks-group-member-find.sh | 797 ++++++++++++++ .../pki-tks-group-cli-tks-group-member-show.sh | 527 +++++++++ .../pki-tks-group-cli-tks-group-mod.sh | 542 ++++++++++ .../pki-tks-group-cli-tks-group-show.sh | 699 ++++++++++++ .../pki-tps-group-cli-tps-group-add.sh | 599 +++++++++++ .../pki-tps-group-cli-tps-group-del.sh | 634 +++++++++++ .../pki-tps-group-cli-tps-group-find.sh | 631 +++++++++++ .../pki-tps-group-cli-tps-group-member-add.sh | 1065 +++++++++++++++++++ .../pki-tps-group-cli-tps-group-member-del.sh | 771 ++++++++++++++ .../pki-tps-group-cli-tps-group-member-find.sh | 797 ++++++++++++++ .../pki-tps-group-cli-tps-group-member-show.sh | 527 +++++++++ .../pki-tps-group-cli-tps-group-mod.sh | 548 ++++++++++ .../pki-tps-group-cli-tps-group-show.sh | 700 ++++++++++++ .../acceptance/quickinstall/rhcs-install-lib.sh | 182 ++-- .../dogtag/acceptance/quickinstall/rhcs-install.sh | 65 +- tests/dogtag/runtest.sh | 1008 ++++++++++++++++-- tests/dogtag/topologies.sh | 14 +- 60 files changed, 39496 insertions(+), 254 deletions(-) create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-add-ocsp.sh create mode 100755 
tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-del-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-find-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-add-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-del-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-find-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-show-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-mod-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-show-ocsp.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-add-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-del-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-find-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-add-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-del-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-find-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-show-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-mod-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-show-tks.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh 
create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-add.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-del.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-add.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-del.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-mod.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-add.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-del.sh create mode 100755 
tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-add.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-del.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-mod.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-add.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-del.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-add.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-del.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-mod.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-show.sh diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index 3b0bab4c4..9fac29b4c 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile 
@@ -25,6 +25,12 @@ export TEST=/CoreOS/dogtag/PKI_TEST_USER_ID export TESTVERSION=1.0.8_RPM_IDENTIFIER +#TESTBASE=/pki-tests/dogtag +#export TEST=$(TESTBASE) +#export TESTVERSION=$(shell echo -n `date +%Y%m%d%H%M%S`; \ +# [ -n "`git status --porcelain --untracked-files=no`" ] && \ +# echo .`git rev-parse --short HEAD`) + BUILT_FILE= 
@@ -167,15 +173,15 @@ build: $(BUILT_FILES)
 chmod a+x ./acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-request-find-ca.sh
 chmod a+x ./acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-find-ca.sh
 #group CA
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-add-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-show-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-find-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-mod-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-del-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-add-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-find-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-del-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-show-ca.sh
 #CA group
 chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh
 chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh
@@ -187,25 +193,85 @@ build: $(BUILT_FILES)
 chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh
 chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh
 #group KRA
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh
- chmod a+x ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-add-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-show-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-find-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-mod-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-del-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-add-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-find-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-del-kra.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-show-kra.sh
 #KRA group
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-add.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-find.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-mod.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-show.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-del.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-add.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh
- chmod a+x ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-del.sh
+ #group OCSP
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-show-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-mod-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-del-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-add-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-find-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-del-ocsp.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-show-ocsp.sh
+ #OCSP group
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-del.sh
+ #TKS group
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-del.sh
+ #group TKS
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-add-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-show-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-find-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-mod-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-del-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-add-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-find-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-del-tks.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-show-tks.sh
+ #TPS group
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-mod.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-del.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-add.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-del.sh
+ #group TPS
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh
+ chmod a+x ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh
 #key KRA
 chmod a+x ./acceptance/cli-tests/pki-key-cli/pki-key-cli-kra.sh
 chmod a+x ./acceptance/cli-tests/pki-key-cli/pki-key-cli-generate-kra.sh
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-add-ocsp.sh
new file mode 100755
index 000000000..0427adb82
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-add-ocsp.sh
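Review bot: The `#group KRA` and `#KRA group` blocks corrected in this hunk were verbatim copies of the CA paths, and the 54 `chmod a+x` lines added for OCSP, TKS and TPS keep the same hand-maintained shape, so a stale path that still exists on disk would again go unnoticed. The commit summary lists every new script as `create mode 100755`, so these per-file lines only matter if the mode is lost on the way to the test host. If every script under that tree is meant to be executable, one recipe line would replace the list: `find ./acceptance/cli-tests -name '*.sh' -exec chmod a+x {} +`. The `build` recipe starts and continues outside this hunk.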
@@ -0,0 +1,594 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-add-ocsp Add group to pki subsystems. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +#create-role-users.sh should be first executed prior to pki-group-cli-group-add-ocsp.sh +######################################################################## + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-group-cli-group-add-ocsp_tests(){ + #### Create Temporary directory #### + + rlPhaseStartSetup "pki_group_cli_group_add_ocsp-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local 
TEMP_NSS_DB_PASSWD="redhat123" + + + ##### Tests to add OCSP groups using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_group_cli_group_add_ocsp-001: Add a group to OCSP using OCSP_adminV" + group1=new_group1 + group_desc1="New Group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$group_desc1\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-ocsp-group-add-001.out" \ + 0 \ + "Add group $group1 to OCSP" + rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-ocsp-group-add-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-add-001.out" + rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-ocsp-group-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-002:maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-ocsp-group-add-001_1.out" \ + 0 \ + "Added group using OCSP_adminV with maximum group id length" + actual_groupid_string=`cat $TmpDir/pki-ocsp-group-add-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: Test Group" "$TmpDir/pki-ocsp-group-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-003:Group id with # character" + group3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description test $group3 > $TmpDir/pki-ocsp-group-add-001_2.out" \ + 0 \ + "Added group using OCSP_adminV, group id with # character" + rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-ocsp-group-add-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-ocsp-group-add-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-004:Group id with $ character" + group4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test $group4 > $TmpDir/pki-ocsp-group-add-001_3.out" \ + 0 \ + "Added group using OCSP_adminV, group id with $ character" + rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-ocsp-group-add-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-ocsp-group-add-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-005:Group id with @ character" + group5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test $group5 > $TmpDir/pki-ocsp-group-add-001_4.out " \ + 0 \ + "Added group using OCSP_adminV, group id with @ character" + rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-ocsp-group-add-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-ocsp-group-add-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-006:Group id with ? character" + group6=abc? 
+ rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test $group6 > $TmpDir/pki-ocsp-group-add-001_5.out " \ + 0 \ + "Added group using OCSP_adminV, group id with ? character" + rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-ocsp-group-add-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-ocsp-group-add-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-007:Group id as 0" + group7=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test $group7 > $TmpDir/pki-ocsp-group-add-001_6.out " \ + 0 \ + "Added group using OCSP_adminV, group id 0" + rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-ocsp-group-add-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-ocsp-group-add-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-008:--description with maximum length" + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-ocsp-group-add-001_7.out" \ + 0 \ + "Added group using OCSP_adminV with maximum --description length" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-ocsp-group-add-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-add-001_7.out" + rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-ocsp-group-add-001_7.out" + actual_desc_string=`cat $TmpDir/pki-ocsp-group-add-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if 
[[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-009:--desccription with maximum length and symbols" + rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description='$groupdesc' g2 > $TmpDir/pki-ocsp-group-add-001_8.out" \ + 0 \ + "Added group using OCSP_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-ocsp-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-ocsp-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-010: Add a duplicate group to OCSP" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_ocsp-011: Add a group to OCSP with -t option" + desc="Test Group" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$desc\" g3" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$desc\" g3 > $TmpDir/pki-ocsp-group-add-0011.out" \ + 0 \ + "Add group g3 to OCSP" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-ocsp-group-add-0011.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-add-0011.out" + rlAssertGrep "Description: $desc" "$TmpDir/pki-ocsp-group-add-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add-012: Add a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$group1'" + errmsg="Error: No Group ID specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add g7 > $TmpDir/pki-ocsp-group-add-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-ocsp-group-add-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-ocsp-group-add-0013.out"
+ rlPhaseEnd
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-014: Should not be able to add group using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-015: Should not be able to add group using a agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert OCSP_agentR"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-016: Should not be able to add group using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert OCSP_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-017: Should not be able to add group using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-018: Should not be able to add group using OCSP_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert OCSP_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-019: Should not be able to add group using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert OCSP_auditorV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-020: Should not be able to add group using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using OCSP_operatorV"
+ rlPhaseEnd
+
+ ##### Tests to add groups using OCSP_adminUTCA and OCSP_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-021: Should not be able to add group using a cert created from a untrusted CA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using OCSP_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-023: description with i18n characters"
+ rlLog "group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Örjan Äke' g4 > $TmpDir/pki-ocsp-group-add-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-ocsp-group-add-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-add-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-ocsp-group-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-024: description with i18n characters"
+ rlLog "group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Éric Têko' g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Éric Têko' g5 > $TmpDir/pki-ocsp-group-add-001_52.out 2>&1" \
+ 0 \
+ "Adding g5 with description Éric Têko"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-ocsp-group-add-001_52.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-add-001_52.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-ocsp-group-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-025: description with i18n characters"
+ rlLog "group-add description éénentwintig dvidešimt with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='éénentwintig dvidešimt' g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-ocsp-group-add-001_53.out 2>&1" \
+ 0 \
+ "Adding description éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-ocsp-group-add-001_53.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-ocsp-group-add-001_53.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-ocsp-group-add-001_53.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g6 > $TmpDir/pki-ocsp-group-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show group g6 with description éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-ocsp-group-add-001_53_2.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-ocsp-group-add-001_53_2.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-026: group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-add-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-ocsp-group-add-001_56.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ocsp-group-add-001_56.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_ocsp-027: groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-ocsp-group-add-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-ocsp-group-add-001_57.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ocsp-group-add-001_57.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup_ocsp: Deleting groups"
+
+ #===Deleting groups created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g$i > $TmpDir/pki-ocsp-group-del-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-ocsp-group-del-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using OCSP_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del '$grp' > $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ actual_delete_group_string=`cat $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo`
+ expected_delete_group_string="Deleted group $grp"
+ if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then
+ rlPass "Deleted group \"$grp\" found in $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out"
+ else
+ rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #===Deleting i18n groups created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-del-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-ocsp-group-del-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÉricTêko' > $TmpDir/pki-ocsp-group-del-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-ocsp-group-del-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-add cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-del-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-del-ocsp.sh
new file mode 100755
index 000000000..fb0659592
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-del-ocsp.sh
@@ -0,0 +1,658 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-del-ocsp Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-del-ocsp_tests(){ + + rlPhaseStartSetup "pki_group_cli_group_del_ocsp-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-001: Delete valid groups" + group1=ocsp_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + 
group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to OCSP using OCSP_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using OCSP_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del g$i > $TmpDir/pki-ocsp-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-ocsp-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to OCSP using OCSP_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using OCSP_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n 
$(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del $grp > $TmpDir/pki-ocsp-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-ocsp-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-002: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del GROUP_ABC > $TmpDir/pki-ocsp-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-ocsp-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-003: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del" + 
errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-004: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test \"$group2\" > $TmpDir/pki-ocsp-group-add-001_1.out" \ + 0 \ + "Added group using OCSP_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del \"$group2\" > $TmpDir/pki-ocsp-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using OCSP_adminV" + actual_groupid_string=`cat $TmpDir/pki-ocsp-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + rlLog "$actual_groupid_string" + rlLog "$expected_groupid_string" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-005: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n 
$(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test '$groupid' > $TmpDir/pki-ocsp-group-add-001_8.out 2>&1" \ + 0 \ + "Added group using OCSP_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del '$groupid' > $TmpDir/pki-ocsp-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using OCSP_adminV" + actual_groupid_string=`cat $TmpDir/pki-ocsp-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-show '$groupid' > $TmpDir/pki-ocsp-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-ocsp-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-006: Delete group from OCSP with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add 
--description=\"g1description\" g1 > $TmpDir/pki-ocsp-group-add-009.out" \ + 0 \ + "Add group g1 to OCSP" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del g1 > $TmpDir/pki-ocsp-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t ocsp option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-ocsp-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-007: Should not be able to delete group using a revoked cert OCSP_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-ocsp-010.out" \ + 0 \ + "Add group g2 to OCSP" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-show g2 > $TmpDir/pki-ocsp-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-ocsp-group-show-001.out" + rlAssertGrep "Group ID: g2" 
"$TmpDir/pki-ocsp-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-ocsp-group-show-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-008: Should not be able to delete group using a agent with revoked cert OCSP_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-ocsp-010.out" \ + 0 \ + "Add group g3 to OCSP" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-show g3 > $TmpDir/pki-ocsp-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-ocsp-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-show-002.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-ocsp-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_ocsp-009: Should not be able to delete group using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3" + errmsg="ForbiddenException: 
Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-ocsp-group-show-003.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-ocsp-group-show-003.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-show-003.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-ocsp-group-show-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-010: Should not be able to delete group using a admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-group-show-ocsp-004.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-004.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-004.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-011: Should not be able to delete a group using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-005.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-005.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-005.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-012: Should not be able to delete group using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-group-show-ocsp-006.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-006.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-006.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-013: Should not be able to delete group using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-group-show-ocsp-007.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-007.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-007.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-014: Should not be able to delete group using a cert created from a untrusted CA OCSP_adminUTCA"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-del g3"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-group-show-ocsp-008.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-008.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del-015: Should not be able to delete group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.out > $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g3"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g3 > $TmpDir/pki-ocsp-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-del-pkiUser1-0025.out"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-group-show-ocsp-009.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-009.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-009.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-009.out"
+
+ #Cleanup:delete group g3
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g3 > $TmpDir/pki-group-del-ocsp-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-016: delete group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ocsp-001_19.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ocsp-001_19.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-ocsp-001_19.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-001_19_3.out 2>&1" \
+ 0 \
+ "Deleted gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show 'ÖrjanÄke'"
+ errmsg="GroupNotFoundException: Group ÖrjanÄke not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_ocsp-017: delete groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-ocsp-001_20.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ocsp-001_20.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ocsp-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show 'ÉricTêko' > $TmpDir/pki-group-add-ocsp-001_20_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-ocsp-001_20_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ocsp-001_20_2.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ocsp-001_20_3.out 2>&1" \
+ 0 \
+ "Delete gid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ocsp-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show 'ÉricTêko'"
+ errmsg="GroupNotFoundException: Group ÉricTêko not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_cleanup_ocsp: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-del-ocsp cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-find-ocsp.sh
new file mode 100755
index 000000000..d6182db3b
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-find-ocsp.sh
@@ -0,0 +1,675 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-find-ocsp To list groups in OCSP. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-find-ocsp_tests(){ +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_group_cli_group_find_ocsp-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_group_cli_group_find_ocsp-startup: Create temporary directory and add groups" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --size=5 > $TmpDir/pki-ocsp-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --size=0 > $TmpDir/pki-ocsp-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-005: Find all groups, large value as input" + large_num="1000000" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --size=$large_num" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --size=$large_num > $TmpDir/pki-ocsp-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-ocsp-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: 
$number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --size=$maximum_check > $TmpDir/pki-ocsp-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-ocsp-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_find_ocsp-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD 
-h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find > $TmpDir/pki-ocsp-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in OCSP" + group_entry_10=`cat $TmpDir/pki-ocsp-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + 
group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=10 > $TmpDir/pki-ocsp-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-ocsp-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=10000 > $TmpDir/pki-ocsp-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=$maximum_check > $TmpDir/pki-ocsp-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start 
with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=0 > $TmpDir/pki-ocsp-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval 
echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find > $TmpDir/pki-ocsp-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in OCSP" + group_entry_12=`cat $TmpDir/pki-ocsp-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=12 --size=12 > $TmpDir/pki-ocsp-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-ocsp-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + 
rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-ocsp-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find > $TmpDir/pki-ocsp-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in OCSP" + group_entry_12=`cat $TmpDir/pki-ocsp-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-find --start=12 --size=0 > $TmpDir/pki-ocsp-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-021: Should not be able to find group using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-022: Should not be able to find groups using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-023: Should not be able to find groups using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-ocsp-024: Should not be able to find groups using admin user with expired cert OCSP_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-025: Should not be able to find groups using OCSP_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c 
$CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-026: Should not be able to find groups using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-027: Should not be able to find groups using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_ocsp-028: Should not be able to find groups using a cert created from a untrusted CA CA_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find 
groups using OCSP_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_ocsp-029: Should not be able to find groups using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.out > $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find --start=1 --size=5"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find --start=1 --size=5 > $TmpDir/pki-ocsp-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-find-pkiUser1-002.out"
+ rlLog "FAIL: 
https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_ocsp-030: find groups when group id has i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Örjan Äke' 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-find-001_31.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find --size=1000"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find --size=1000 > $TmpDir/pki-ocsp-group-show-001_31_2.out" \
+ 0 \
+ "Find group with max size"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ocsp-group-show-001_31_2.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-ocsp-group-show-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_ocsp-031: find group when group id has i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Éric Têko' 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-ocsp-group-show-001_32.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c 
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find --size=1000"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find --size=1000 > $TmpDir/pki-ocsp-group-show-001_32_2.out" \
+ 0 \
+ "Find group with max size"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ocsp-group-show-001_32_2.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-ocsp-group-show-001_32_2.out"
+ rlPhaseEnd
+
+ #pki group-find with filters
+
+ rlPhaseStartTest "pki_group_cli_group_find_ocsp-032: find group - filter 'Administrator'"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find Administrator"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find Administrator > $TmpDir/pki-ocsp-group-show-033.out" \
+ 0 \
+ "Find group with Keyword Administrator"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-ocsp-group-show-033.out"
+ rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-ocsp-group-show-033.out"
+ rlAssertGrep "Group ID: Enterprise OCSP Administrators" "$TmpDir/pki-ocsp-group-show-033.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_ocsp-033: find group - filter 'OCSP'"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocps \
+ group-find OCSP"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-find OCSP > $TmpDir/pki-ocsp-group-show-034.out" \
+ 0 \
+ "Find group with Keyword OCSP"
+ rlAssertGrep "Group ID: Enterprise OCSP Administrators" 
"$TmpDir/pki-ocsp-group-show-034.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_ocsp-034: find group should fail when filter keyword has less than 3 characters"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-find CA"
+ errmsg="BadRequestException: Filter is too short."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_group_cleanup-001: Deleting groups"
+ #===Deleting groups created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g$i > $TmpDir/pki-group-del-ocsp-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ocsp-group-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n groups created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ocsp-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ocsp-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ 
rlPhaseStartCleanup "pki group-find-ocsp cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-add-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-add-ocsp.sh
new file mode 100755
index 000000000..c3081efb9
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-add-ocsp.sh 
@@ -0,0 +1,1109 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-membership-add-ocsp CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-add-ocsp Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-add-ocsp_tests(){
+ rlPhaseStartSetup "pki_group_cli_group_membership-add-ocsp-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local 
TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-001: Add users to available groups using valid admin user OCSP_adminV"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-group-member-add-group-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-group-member-add-group-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-add-group-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-add-group-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show u$i > $TmpDir/pki-ocsp-group-member-add-group-show-00$i.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-ocsp-group-member-add-group-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-add-group-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-add-group-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo 
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-add-groupadd-find-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-002: Add a user to all available groups using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show userall > 
$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" userall > $TmpDir/pki-ocsp-group-member-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-add-groupadd-find-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-003: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" user1 > 
$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-show user1 > $TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-ocsp-group-member-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" user1"
+ errmsg="ConflictingOperationException: Attribute or value exists." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-004: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-ocsp-group-member-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"$dummy_group\" testuser1"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-005: Should be able to group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=u14 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='u14' u14" \
+ 0 \
+ "Adding uid u14"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n 
characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-ocsp-group-member-add-groupadd-010_2.out" \
+ 0 \
+ "Adding user u14 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_2.out"
+ rlAssertGrep "User: u14" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-group-member-add-groupadd-find-010_3.out" \
+ 0 \
+ "Check user u14 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u14" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-006: Should not be able to group-member-add using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ 
rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-007: Should not be able to group-member-add using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-008: Should not be able to group-member-add using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-009: Should not be able to group-member-add using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to 
group-member-add using OCSP_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-010: Should not be able to group-member-add using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using OCSP_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-011: Should not be able to group-member-add using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using OCSP_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-012: Should not be able to group-member-add using OCSP_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using OCSP_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-013: Should not be able to group-member-add using OCSP_agentUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t 
ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using OCSP_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-014: User associated with Administrators group only can create a new user"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding testuser1 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" testuser1 > $TmpDir/pki-ocsp-group-member-add-groupadd-testuser1-00$i.out" \
+ 0 \
+ "Adding user testuser1 to group \"$gid\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-testuser1-00$i.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-ocsp-group-member-add-groupadd-testuser1-00$i.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local 
valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add testuser1 --input $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+
+ #Add testuser1 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-ocsp-group-member-add-groupadd-usertest1-019_2.out 2>&1" \
+ 0 \
+ "Adding user testuser1 to group \"$groupid4\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-usertest1-019_2.out"
+ rlAssertGrep "User: testuser1" 
"$TmpDir/pki-ocsp-group-member-add-groupadd-usertest1-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find $groupid4 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-usertest1-019_3.out" \
+ 0 \
+ "Check group-member for user testuser1"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-usertest1-019_3.out"
+
+ #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=test_user us19 > $TmpDir/pki-ocsp-user-add-019_4.out 2>&1" \
+ 0 \
+ "Added new user using Admin user testuser1"
+ rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-ocsp-user-add-019_4.out"
+ rlAssertGrep "User ID: us19" "$TmpDir/pki-ocsp-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-ocsp-user-add-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-015: Should not be able to group-member-add using OCSP_agentV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using OCSP_agentV cert"
+ rlPhaseEnd
+
+ #Usability test
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-016: Should not be able to add a non existing user to a group"
+ user="tuser3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-add \"$groupid5\" $user"
+ 
errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-017: Add a group and add a user to the group using valid admin user OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g1description\" g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-ocsp-group-member-add-group-add-022.out" \ + 0 \ + "Adding group g1" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-ocsp-group-member-add-group-add-022.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-member-add-group-add-022.out" + rlAssertGrep "Description: g1description" "$TmpDir/pki-ocsp-group-member-add-group-add-022.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu9\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-ocsp-group-member-add-user-add-022.out" \ + 0 \ + "Adding user u9" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-ocsp-group-member-add-user-add-022.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-group-member-add-user-add-022.out" + rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-ocsp-group-member-add-user-add-022.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g1 u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g1 u9 > $TmpDir/pki-ocsp-group-member-add-groupadd-022.out" \ + 0 \ + "Adding user u9 to group g1" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-022.out" + rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-add-groupadd-022.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find g1 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-022.out" \ + 0 \ + "User added to group g1" + rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-022.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-018: Add two group and add a user to the two different group using valid admin user OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g2description\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-ocsp-group-member-add-group-add-023.out" \ + 0 \ + "Adding group g2" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-ocsp-group-member-add-group-add-023.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-member-add-group-add-023.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-ocsp-group-member-add-group-add-023.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g3description\" g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-ocsp-group-member-add-group-add-023_1.out" \ + 0 \ + "Adding group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-ocsp-group-member-add-group-add-023_1.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-member-add-group-add-023_1.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-ocsp-group-member-add-group-add-023_1.out" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu10\" u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-ocsp-group-member-add-user-add-023.out" \ + 0 \ + "Adding user u10" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-ocsp-group-member-add-user-add-023.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-group-member-add-user-add-023.out" + rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-ocsp-group-member-add-user-add-023.out" + rlLog "Adding the user u10 to group g2" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g2 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g2 u10 > $TmpDir/pki-ocsp-group-member-add-groupadd-023.out" \ + 0 \ + "Adding user u10 to group g2" + rlAssertGrep "Added group member \"u10\"" 
"$TmpDir/pki-ocsp-group-member-add-groupadd-023.out" + rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-023.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find g2 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g3 u10 > $TmpDir/pki-ocsp-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find g3 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-019: Add a group, add a user to the group and delete the group using valid admin user OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add 
--description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g4description\" gr4 > $TmpDir/pki-ocsp-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-ocsp-group-member-add-group-add-024.out" + rlAssertGrep "Group ID: gr4" "$TmpDir/pki-ocsp-group-member-add-group-add-024.out" + rlAssertGrep "Description: g4description" "$TmpDir/pki-ocsp-group-member-add-group-add-024.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + -user-add --fullName=\"fullNameu11\" u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-ocsp-group-member-add-user-add-024.out" \ + 0 \ + "Adding user u11" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-ocsp-group-member-add-user-add-024.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-group-member-add-user-add-024.out" + rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-ocsp-group-member-add-user-add-024.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add gr4 u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add gr4 u11 > $TmpDir/pki-ocsp-group-member-add-groupadd-024.out" \ + 0 \ + "Adding user u11 to group gr4" + rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-024.out" + rlAssertGrep "User: u11" 
"$TmpDir/pki-ocsp-group-member-add-groupadd-024.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find gr4 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-024.out" \ + 0 \ + "User added to group gr4" + rlAssertGrep "User: u11" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-024.out" + #Deleting group gr4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del gr4 > $TmpDir/pki-ocsp-group-member-add-groupdel-024.out" \ + 0 \ + "Deleting group gr4" + rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-ocsp-group-member-add-groupdel-024.out" + #Checking for user-membership + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-membership-find u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-membership-find u11 > $TmpDir/pki-ocsp-group-member-add-usermembership-024.out" \ + 0 \ + "Checking for user membership of u11" + rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-group-member-add-usermembership-024.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-020: Add a group, add a user to the group and modify the group using valid admin user OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g5description\" g4" + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g5description\" g4 > $TmpDir/pki-ocsp-group-member-add-group-add-025.out" \ + 0 \ + "Adding group g4" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-ocsp-group-member-add-group-add-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-ocsp-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-ocsp-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-ocsp-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-ocsp-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g4 u12 > $TmpDir/pki-ocsp-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-ocsp-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the 
group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find g4 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod g4 --decription=\"Modified group\"" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod g4 --description=\"Modified group\" > $TmpDir/pki-ocsp-group-member-add-groupmod-025.out" \ + 0 \ + "Modifying group g4" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-ocsp-group-member-add-groupmod-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-member-add-groupmod-025.out" + rlAssertGrep "Description: Modified group" "$TmpDir/pki-ocsp-group-member-add-groupmod-025.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-ocsp-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g5description\" g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"g6description\" g5 > $TmpDir/pki-ocsp-group-member-add-group-add-026.out" \ + 0 \ + "Adding group g5" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-ocsp-group-member-add-group-add-026.out" + rlAssertGrep "Group ID: g5" 
"$TmpDir/pki-ocsp-group-member-add-group-add-026.out" + rlAssertGrep "Description: g6description" "$TmpDir/pki-ocsp-group-member-add-group-add-026.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-ocsp-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-ocsp-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-ocsp-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add g5 u13 > $TmpDir/pki-ocsp-group-member-add-groupadd-026.out 2>&1" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-ocsp-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find g5 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-026.out" + #run 
user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-membership-del u13 g5 > $TmpDir/pki-ocsp-group-member-add-user-membership-del-026.out" \ + 0 \ + "user-membership-del on u13" + rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-ocsp-group-member-add-user-membership-del-026.out" + #find group members + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find g5 > $TmpDir/pki-ocsp-group-member-add-group-member-find-026.out" \ + 0 \ + "Find member in group g5" + rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-group-member-add-group-member-find-026.out" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-ocsp-001: Deleting the temp directory and users and groups" + #===Deleting users created using OCSP_adminV cert===# + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del g$i > $TmpDir/pki-user-del-ocsp-group-member-add-group-del-ocsp-00$i.out" \ + 0 \ + "Deleting group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-ocsp-group-member-add-group-del-ocsp-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ 
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del userall > $TmpDir/pki-group-del-ocsp-group-member-add-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-ocsp-group-member-add-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del user1 > $TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del us19 > $TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-u13-001.out" \
+ 0 \
+ "Deleting user us19"
+ rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-u13-001.out"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 2 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del testuser$i > $TmpDir/pki-group-member-add-ocsp-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out"
+
+ Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-member-add-ocsp cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-del-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-del-ocsp.sh
new file mode 100755
index 000000000..67b54396a
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-del-ocsp.sh
@@ -0,0 +1,789 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-del-ocsp_tests(){
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +groupid1="Online Certificate Status Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise OCSP Administrators" + rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-002: Delete group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-del-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-00$i.out" + rlAssertGrep "User: u$i" 
"$TmpDir/pki-ocsp-group-member-del-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-del-groupadd-find-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-003: Delete group-member from all the groups that user is associated with" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add \"$gid\" userall" + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add \"$gid\" userall > $TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-del-groupadd-find-userall-00$i.out" \ + 0 \ + "Check group members with group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del \"$gid\" userall > $TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-004: Missing required option while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add 
--fullName=\"fullName_user1\" user1 > $TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add \"Administrators\" user1 > $TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del user1" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-005: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"Administrators\" user2 > $TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del Administrators"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-006: Should not be able to group-member-del using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-007: Should not be able to group-member-del using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-008: Should not be able to group-member-del using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent 
cert OCSP_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-009: Should not be able to group-member-del using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-010: Should not be able to group-member-del using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using OCSP_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-011: Should not be able to group-member-del using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to 
group-member-del using OCSP_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-012: Should not be able to group-member-del using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using OCSP_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-013: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using OCSP_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-014: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-015: Delete group-member for user id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='u10' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo 
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='u10' 'u10'" \
+ 0 \
+ "Adding uid u10"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"dadministʁasjɔ̃\" 'u10'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-ocsp-group-member-del-groupadd-017_2.out" \
+ 0 \
+ "Adding user u10 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_2.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-ocsp-group-member-del-017_3.out" \
+ 0 \
+ "Delete group member from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted group member \"u10\"" 
"$TmpDir/pki-ocsp-group-member-del-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-group-member-del-groupadd-find-017_4.out" \
+ 0 \
+ "Find group members of group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-016: Delete group member when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-ocsp-group-member-del-user-del-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-ocsp-group-member-del-user-del-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-ocsp-group-member-del-user-del-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-ocsp-group-member-del-user-del-019.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-del \"Administrators\" user123"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-017: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-ocsp-group-member-del-user-del-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-ocsp-group-member-del-user-del-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-ocsp-group-member-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-ocsp-group-member-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"Administrators\" u20 > $TmpDir/pki-ocsp-group-member-add-groupadd-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find Administrators > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp 
\
+ user-del u20 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find Administrators > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_7.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-018: User deleted from Administrators group cannnot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-ocsp-group-member-del-user-add-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"Administrators\" testuser1 > $TmpDir/pki-ocsp-group-member-add-groupadd-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" 
cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-cert-add testuser1 --input $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='test_user' u9"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-ocsp-021_4.out"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-ocsp-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-ocsp-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ocsp-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p 
$OCSP_PORT \
+ -t ocsp \
+ group-member-del \"Administrators\" testuser1 > $TmpDir/pki-ocsp-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT -t ocsp user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-019: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n 
$(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"group1\" testuser2 > $TmpDir/pki-ocsp-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_2.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'group1' > $TmpDir/pki-ocsp-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-ocsp-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-membership-find testuser2 > $TmpDir/pki-ocsp-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-ocsp-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del u$i > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted 
user \"u$i\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del userall > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del user1 > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del user2 > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del user123 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del testuser1 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user 
\"testuser1\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser1.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-del testuser2 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser2.out"
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-member-del-ocsp cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-find-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-find-ocsp.sh
new file mode 100755
index 000000000..d43a154b2
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-find-ocsp.sh 
@@ -0,0 +1,811 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-member-find-ocsp CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-find-ocsp Find group members.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-member-show-ocsp_tests(){
+
+ rlPhaseStartTest "pki_group_cli_group_member-find_ocsp-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local 
TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-001: Find ocsp-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-group-member-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-group-member-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-find-user-find-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-find-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-find-groupadd-00$i.out"
+ rlLog "Check if 
the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find group-members with group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-002: Find ocsp-group-member when the same user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"$gid\" userall > $TmpDir/pki-ocsp-group-member-find-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-find-groupadd-userall-00$i.out"
+ rlLog 
"Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find user membership to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-003: Find ocsp-group-member when many users are added to one group"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=\"Test group\" group1 > $TmpDir/pki-ocsp-group-member-find-groupadd-006.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-006.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-ocsp-group-member-find-groupadd-006.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-ocsp-group-member-find-groupadd-006.out"
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser$i\" user$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-ocsp-group-member-find-useradd-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-ocsp-group-member-find-useradd-00$i.out"
+ rlAssertGrep "User ID: user$i" "$TmpDir/pki-ocsp-group-member-find-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-ocsp-group-member-find-useradd-00$i.out"
+ rlLog "Adding user 
user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add group1 user$i > $TmpDir/pki-ocsp-group-member-find-group-member-add-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-ocsp-group-member-find-group-member-add-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-ocsp-group-member-find-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 > $TmpDir/pki-ocsp-group-member-find-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-ocsp-group-member-find-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-ocsp-group-member-find-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-ocsp-group-member-find-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-004: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --start=5 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" 
+ rlAssertGrep "User: user9" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-005: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --start=0 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-006: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + 
rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-007: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --start=15 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-008: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-009: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --size=0 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-006.out" + rlPhaseEnd + + 
rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-010: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --size=1 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-011: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --size=15 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-012: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --size=100 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out" 0 \ + "ocsp-group_member-find with size 
parameter as 100" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-013: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-014: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-015: Find group members with -t option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --size=5 > 
$TmpDir/pki-ocsp-group-member-find-018.out" \ + 0 \ + "Find group-member with -t ocsp option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-016: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-ocsp-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-017: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An 
exception should be thrown if size has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-018: Find group members with --start more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-019: Should not be able to group-member-find using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-020: Should not be able to group-member-find using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-021: Should not be able to group-member-find using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent OCSP_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-022: Should not be able to group-member-find using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin OCSP_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-023: Should not be able to group-member-find using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent OCSP_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-024: Should not be able to group-member-find using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor OCSP_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-025: Should not be able to group-member-find using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator OCSP_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-026: Should not be able to group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted CA_adminUTCA user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-027: Should not be able to group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted OCSP_agentUTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-028:Find group-member for group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='u9' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ user-add --fullName='u9' u9" \
+ 0 \
+ "Adding uid u9"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-member-add \"dadministʁasjɔ̃\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h 
$OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-ocsp-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-029: Find group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"Test group\" group2 > $TmpDir/pki-ocsp-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-ocsp-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-ocsp-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + 
user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add group2 userid$i > $TmpDir/pki-ocsp-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-ocsp-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-ocsp-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-find group2 > $TmpDir/pki-ocsp-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-ocsp-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-ocsp-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-ocsp-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using OCSP_adminV cert===# + i=1 + while [ $i -lt 10 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u$i > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del user$i > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del userid$i > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del userall > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-userall.out" + + + #===Deleting groups created using OCSP_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del 'group1' > $TmpDir/pki-user-del-ocsp-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" 
"$TmpDir/pki-user-del-ocsp-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del 'group2' > $TmpDir/pki-user-del-ocsp-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-ocsp-group2.out" + + + #===Deleting i18n group created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-find-ocsp cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-show-ocsp.sh new file mode 100755 index 000000000..345aa6273 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-show-ocsp.sh 
@@ -0,0 +1,558 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-show-ocsp Show groups members
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-ocsp.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-member-show-ocsp_tests(){ + rlPhaseStartSetup "pki_group_cli_group_member_show_ocsp-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval 
${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartTest "pki_ocsp_group_member_show-configtest: pki ocsp-group-member-show configuration test" + rlRun "pki ocsp-group-member-show --help > $TmpDir/pki_ocsp_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki ocsp-group-member-show" + rlAssertGrep "usage: ocsp-group-member-show \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show OCSP groups #### + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-001: Add group to OCSP using OCSP_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + 
-h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group1 u1 > $TmpDir/pki_ocsp_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_ocsp_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_ocsp_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group1 U1 > $TmpDir/pki-ocsp-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-ocsp-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-ocsp-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_member_show_ocsp-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show TEST_GROUP u1 > $TmpDir/pki-ocsp-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-ocsp-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-ocsp-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-008: Should not be able to show group member using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-009: Should not be able to show group member using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-010: Should not be able to show group members using a 
valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-011: Should not be able to show group members using admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-012: Should not be able to show group members using OCSP_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: 
https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-013: Should not be able to show group members using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-ocsp-014: Should not be able to show group members using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-015: Should not be able to show group members using a cert created from a untrusted OCSP OCSP_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using OCSP_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-016: Should not be able to show group members using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" 
subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group1 u1" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group1 u1 > $TmpDir/pki-ocsp-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test 'ÖrjanÄke' > 
$TmpDir/pki-ocsp-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=test u3 > $TmpDir/pki-ocsp-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-ocsp-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-ocsp-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-ocsp-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-ocsp-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-018: Add group to OCSP using OCSP_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR 
\ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group2 u2 > $TmpDir/pki_ocsp_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_ocsp_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_ocsp_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp-019: Add group to OCSP using OCSP_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-member-show $group3 u4 > $TmpDir/pki_ocsp_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_ocsp_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_ocsp_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show_ocsp-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo 
\$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-member-show group1 user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_ocsp_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using OCSP_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del $grp > $TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + user-del u$j > $TmpDir/pki-user-del-ocsp-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-ocsp-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-show-ocsp cleanup: Delete temp dir" + rlRun "popd" + rlRun 
"rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-mod-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-mod-ocsp.sh
new file mode 100755
index 000000000..33eb4d916
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-mod-ocsp.sh
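Review bot: Test pki_group_cli_group_member_show-ocsp-014 is titled as the OCSP_operatorV negative case, but its command passes `-n $(eval echo \$${subsystemId}_auditV_user)`, the same nickname test 013 uses. The operator role's denial is therefore never exercised, and an authorization regression for operators would pass unnoticed. The nickname should be `-n $(eval echo \$${subsystemId}_operatorV_user)`, which the function already defines alongside the other role users. Separately, in test 016 the `-t "u,u,u""` inside the double-quoted rlRun string closes and reopens that string; it happens to concatenate to the intended text, but `-t \"u,u,u\"` would match the escaped quoting on the casigningcert line just above it.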
@@ -0,0 +1,555 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-mod-ocsp Modify existing groups in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-ocsp.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-mod-ocsp_tests(){ + + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_group_cli_group_mod_ocsp-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval 
${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +group1=ocsp_group +group1desc="Test ocsp group" +group2=abcdefghijklmnopqrstuvwxyx12345678 +group3=abc# +group4=abc$ +group5=abc@ +group6=abc? +group7=0 +group1_mod_description="Test ocsp agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + ##### Tests to modify OCSP groups #### + rlPhaseStartTest "pki_group_cli_group_mod_ocsp-002: Modify a group's description in OCSP using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-ocsp-group-mod-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-ocsp-group-mod-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-mod-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_ocsp-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test g1" + rlLog 
"Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-ocsp-group-mod-004.out" \ + 0 \ + "Modified group using OCSP_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-ocsp-group-mod-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-mod-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-group-mod-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_ocsp-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + group-mod --description=\"$randsym\" g2 > $TmpDir/pki-ocsp-group-mod-005.out" \ + 0 \ + "Modified group using OCSP_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-ocsp-group-mod-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + 
rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-ocsp-group-mod-005.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-mod-005.out"
+ if [[ $actual_group_string = $expected_group_string ]] ; then
+ rlPass "$expected_group_string found"
+ else
+ rlFail "$expected_group_string not found"
+ fi
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-005:--description with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test g3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=$ g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=$ g3 > $TmpDir/pki-ocsp-group-mod-008.out" \
+ 0 \
+ "Modified group using OCSP_adminV with --description $ character"
+ rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-ocsp-group-mod-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-mod-008.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-ocsp-group-mod-008.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-006: Modify a group to OCSP with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test g4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$group1desc\" g4"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-ocsp-group-mod-007.out" \
+ 0 \
+ "Modified group g4 to OCSP"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-ocsp-group-mod-007.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-mod-007.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-ocsp-group-mod-007.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-007: Modify a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id"
+ rlPhaseEnd
+
+##### Tests to modify groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-008: Should not be able to modify groups using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1_mod_description' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-009: Should not be able to modify group using an agent or a revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h
$OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-010: Should not be able to modify groups using a OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert"
+ rlPhaseEnd
+
+##### Tests to modify groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-011: Should not be able to modify group using a OCSP_adminE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-012: Should not be able to modify group using a OCSP_agentE cert"
+
rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-013: Should not be able to modify group using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-014: Should not be able to modify group using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as OCSP_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify groups using OCSP_adminUTCA and OCSP_agentUTCA user's certificate will be issued by an untrusted CA users#####
+
rlPhaseStartTest "pki_group_cli_group_mod_ocsp-015: Should not be able to modify groups using a cert created from a untrusted CA CA_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_group_cli_group_mod_ocsp-016: Modify a group -- Group ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description='$group1desc' g5"
+ errmsg="ResourceNotFoundException: Group g5 not found."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group"
+ rlPhaseEnd
+
+##### Tests to modify OCSP groups with empty parameters ####
+
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-017: Modify a user created group in OCSP using OCSP_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=\"$group1desc\" g5"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description=\"\" g5"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description=\"\" g5 > $TmpDir/pki-ocsp-group-mod-0017.out" 0 "Group modified successfully with empty description"
+ rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-ocsp-group-mod-0017.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-mod-0017.out"
+
rlPhaseEnd
+
+
+##### Tests to modify OCSP groups with the same value ####
+
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-018: Modify a group in OCSP using OCSP_adminV - description same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group1 > $TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-ocsp-group-mod-041_2.out" \
+ 0 \
+ "Modifying $group1 with same old description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-ocsp-group-mod-041_2.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-mod-041_2.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-041_2.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify OCSP groups having i18n chars in the description ####
+
+rlPhaseStartTest "pki_group_cli_group_mod_ocsp-019: Modify a groups's description having i18n chars in OCSP using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=\"$i18ngroupdescription\" $i18ngroup"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n
$(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-ocsp-group-mod-043.out" \
+ 0 \
+ "Modified $i18ngroup description"
+ rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-ocsp-group-mod-043.out"
+ rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-ocsp-group-mod-043.out"
+ rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-ocsp-group-mod-043.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify system generated OCSP groups ####
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-021: Modify Administrator group's description in OCSP using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show Administrators > $TmpDir/pki-ocsp-group-mod-group-show-022.out"
+ admin_group_desc=$(cat $TmpDir/pki-ocsp-group-mod-group-show-022.out| grep Description | cut -d- -f2)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$group1_mod_description\" Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-ocsp-group-mod-022.out" \
+ 0 \
+ "Modified Administrators group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-ocsp-group-mod-022.out"
+ rlAssertGrep
"Group ID: Administrators" "$TmpDir/pki-ocsp-group-mod-022.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-022.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$admin_group_desc\" Administrators"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_ocsp-022: Modify Administrators group in OCSP using OCSP_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show Administrators > $TmpDir/pki-ocsp-group-mod-group-show-023.out"
+ admin_group_desc=$(cat $TmpDir/pki-ocsp-group-mod-group-show-023.out| grep Description | cut -d- -f2)
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description=\"\" Administrators"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-mod --description=\"\" Administrators > $TmpDir/pki-ocsp-group-mod-023.out" 0 "Successfully modified Administrator group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-ocsp-group-mod-023.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-ocsp-group-mod-023.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-mod --description=\"$admin_group_desc\" Administrators"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+
+#===Deleting groups===#
+rlPhaseStartTest "pki_group_cli_group_cleanup_ocsp: Deleting role groups"
+
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g$i > $TmpDir/pki-group-del-ocsp-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ocsp-group-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del $grp > $TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ocsp-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del $i18ngroup > $TmpDir/pki-group-del-ocsp-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-ocsp-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-mod cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-show-ocsp.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-show-ocsp.sh
new file mode 100755
index 000000000..beb439c62
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-show-ocsp.sh
@@ -0,0 +1,732 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-show-ocsp Show groups
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-group-cli-group-show-ocsp.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-group-cli-group-show-ocsp_tests(){
+
+rlPhaseStartSetup "pki_group_cli_group_show_ocsp-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval
${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+
+ ##### Tests to show OCSP groups ####
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-001: Add group to OCSP using OCSP_adminV and show group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using OCSP_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group1 > $TmpDir/pki-ocsp-group-show-001.out" \
+ 0 \
+ "Show group $group1"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show-002: maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test $group2" \
+ 0 \
+ "Add group $group2 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show
$group2 > $TmpDir/pki-ocsp-group-show-001_1.out" \
+ 0 \
+ "Show $group2 group"
+ rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-ocsp-group-show-001_1.out"
+ actual_groupid_string=`cat $TmpDir/pki-ocsp-group-show-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-003: Group id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test $group3" \
+ 0 \
+ "Add group $group3 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group3 > $TmpDir/pki-ocsp-group-show-001_2.out" \
+ 0 \
+ "Show $group3 group"
+ rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-ocsp-group-show-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-ocsp-group-show-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-004: Group id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test $group4" \
+ 0 \
+ "Add group $group4 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group4 > $TmpDir/pki-ocsp-group-show-001_3.out" \
+ 0 \
+ "Show $group4 group"
+ rlAssertGrep "Group \"$group4\""
"$TmpDir/pki-ocsp-group-show-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-ocsp-group-show-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group5 > $TmpDir/pki-ocsp-group-show-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-ocsp-group-show-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-ocsp-group-show-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-006: Group id with ?
character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test $group6" \
+ 0 \
+ "Add $group6 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group6 > $TmpDir/pki-ocsp-group-show-001_5.out" \
+ 0 \
+ "Show $group6 group"
+ rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-ocsp-group-show-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-ocsp-group-show-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-007: Group id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test $group7" \
+ 0 \
+ "Add group $group7 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show $group7 > $TmpDir/pki-ocsp-group-show-001_6.out" \
+ 0 \
+ "Show group $group7"
+ rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-ocsp-group-show-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-ocsp-group-show-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-008: --description with maximum length"
+ desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='$desc' g1" \
+ 0 \
+ "Added group using OCSP_adminV with maximum --description length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g1 > $TmpDir/pki-ocsp-group-show-001_7.out" \
+ 0 \
+ "Show group g1"
+ rlAssertGrep "Group \"g1\"" "$TmpDir/pki-ocsp-group-show-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-show-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-ocsp-group-show-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-009: --description with maximum length and symbols"
+ desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ desc=$(echo $desc_b64 | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description='$desc' g2" \
+ 0 \
+ "Added group using OCSP_adminV with maximum --description length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g2 > $TmpDir/pki-ocsp-group-show-001_8.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-ocsp-group-show-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-show-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-ocsp-group-show-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-010: --description with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=# g3" \
+ 0 \
+ "Add group g3 using pki OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g3 > $TmpDir/pki-ocsp-group-show-001_9.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-ocsp-group-show-001_9.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-show-001_9.out"
+ rlAssertGrep "Description: #" "$TmpDir/pki-ocsp-group-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-011: --description with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=* g4" \
+ 0 \
+ "Add group g4 using pki OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g4 > $TmpDir/pki-ocsp-group-show-001_10.out" \
+ 0 \
+ "Show group g4 using OCSP_adminV"
+ rlAssertGrep "Group \"g4\"" "$TmpDir/pki-ocsp-group-show-001_10.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-show-001_10.out"
+ rlAssertGrep "Description: *" "$TmpDir/pki-ocsp-group-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-012: --description with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=$ g5" \
+ 0 \
+ "Add group g5 using pki OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g5 > $TmpDir/pki-ocsp-group-show-001_11.out" \
+ 0 \
+ "Show group g5 using OCSP_adminV"
+ rlAssertGrep "Group \"g5\"" "$TmpDir/pki-ocsp-group-show-001_11.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-show-001_11.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-ocsp-group-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-013: --description as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=0 g6" \
+ 0 \
+ "Add group g6 using pki OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g6 > $TmpDir/pki-ocsp-group-show-001_12.out" \
+ 0 \
+ "Show group g6 using OCSP_adminV"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-ocsp-group-show-001_12.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-ocsp-group-show-001_12.out"
+ rlAssertGrep "Description: 0" "$TmpDir/pki-ocsp-group-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-014: Show group with -t ocsp option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test g7" \
+ 0 \
+ "Adding group g7 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g7 > $TmpDir/pki-ocsp-group-show-001_32.out" \
+ 0 \
+ "Show group g7 using OCSP_adminV"
+ rlAssertGrep "Group \"g7\"" "$TmpDir/pki-ocsp-group-show-001_32.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-ocsp-group-show-001_32.out"
+ rlAssertGrep "Description: $test" "$TmpDir/pki-ocsp-group-show-001_32.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-015: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-016: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show G7 > $TmpDir/pki-ocsp-group-show-001_35.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group \"G7\"" "$TmpDir/pki-ocsp-group-show-001_35.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-ocsp-group-show-001_35.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-017: Should not be able to show group using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-018: Should not be able to show group using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-019: Should not be able to show group using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-020: Should not be able to show group using admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-021: Should not be able to show group using OCSP_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-022: Should not be able to show group using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-023: Should not be able to show group using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-024: Should not be able to show group using a cert created from a untrusted OCSP OCSP_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using OCSP_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-025: Should not be able to show group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.out > $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g7"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show g7 > $TmpDir/pki-ocsp-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
+
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-show-pkiUser1-0025.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-026: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT -t ocsp group-show '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using OCSP_adminV with group id length exceed maximum defined in ldap schema should fail"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-027: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-show-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-show-001_56_2.out" \
+ 0 \
+ "Show group 'ÖrjanÄke'"
+ rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-ocsp-group-show-001_56_2.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ocsp-group-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_ocsp-028: groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-ocsp-group-show-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-show 'ÉricTêko' > $TmpDir/pki-ocsp-group-show-001_57_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-ocsp-group-show-001_57_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ocsp-group-show-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup_ocsp: Deleting the temp directory and groups"
+
+ #===Deleting groups created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g$i > $TmpDir/pki-ocsp-group-del-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-ocsp-group-del-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using OCSP_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del $grp > $TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ocsp-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-ocsp-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ocsp-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-show-ocsp cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-add-tks.sh
new file mode 100755
index 000000000..4f6c24262
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-add-tks.sh
@@ -0,0 +1,594 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-add-tks Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create-role-users.sh should be first executed prior to pki-group-cli-group-add-tks.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-add-tks_tests(){
+#### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_group_cli_group_add_tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+
+ ##### Tests to add TKS groups using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_group_cli_group_add_tks-001: Add a group to TKS using TKS_adminV"
+ group1=new_group1
+ group_desc1="New Group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$group_desc1\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-tks-group-add-001.out" \
+ 0 \
+ "Add group $group1 to TKS"
+ rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-tks-group-add-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-add-001.out"
+ rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-tks-group-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-002:maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-tks-group-add-001_1.out" \
+ 0 \
+ "Added group using TKS_adminV with maximum group id length"
+ actual_groupid_string=`cat $TmpDir/pki-tks-group-add-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: Test Group" "$TmpDir/pki-tks-group-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-003:Group id with # character"
+ group3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description test $group3 > $TmpDir/pki-tks-group-add-001_2.out" \
+ 0 \
+ "Added group using TKS_adminV, group id with # character"
+ rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-tks-group-add-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tks-group-add-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-004:Group id with $ character"
+ group4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test $group4 > $TmpDir/pki-tks-group-add-001_3.out" \
+ 0 \
+ "Added group using TKS_adminV, group id with $ character"
+ rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-tks-group-add-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tks-group-add-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-005:Group id with @ character"
+ group5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test $group5 > $TmpDir/pki-tks-group-add-001_4.out " \
+ 0 \
+ "Added group using TKS_adminV, group id with @ character"
+ rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-tks-group-add-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tks-group-add-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-006:Group id with ? character"
+ group6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test $group6 > $TmpDir/pki-tks-group-add-001_5.out " \
+ 0 \
+ "Added group using TKS_adminV, group id with ? character"
+ rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-tks-group-add-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tks-group-add-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-007:Group id as 0"
+ group7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test $group7 > $TmpDir/pki-tks-group-add-001_6.out " \
+ 0 \
+ "Added group using TKS_adminV, group id 0"
+ rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-tks-group-add-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tks-group-add-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-008:--description with maximum length"
+ groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-tks-group-add-001_7.out" \
+ 0 \
+ "Added group using TKS_adminV with maximum --description length"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tks-group-add-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-add-001_7.out"
+ rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-tks-group-add-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-tks-group-add-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-009:--desccription with maximum length and symbols"
+ rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupdesc=$(echo $rand_groupdesc | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='$groupdesc' g2 > $TmpDir/pki-tks-group-add-001_8.out" \
+ 0 \
+ "Added group using TKS_adminV with maximum --desc length and character symbols in it"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tks-group-add-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-add-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-tks-group-add-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-010: Add a duplicate group to TKS"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='Duplicate Group' $group1"
+ errmsg="ConflictingOperationException: Entry already exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-011: Add a group to TKS with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$desc\" g3 > $TmpDir/pki-tks-group-add-0011.out" \
+ 0 \
+ "Add group g3 to TKS"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tks-group-add-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-add-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-tks-group-add-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add g7 > $TmpDir/pki-tks-group-add-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-tks-group-add-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tks-group-add-0013.out"
+ rlPhaseEnd
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_tks-014: Should not be able to add group using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-015: Should not be able to add group using a agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert TKS_agentR"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_add_tks-016: Should not be able to add group using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert TKS_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_tks-017: Should not be able to add group using admin user with expired cert TKS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-018: Should not be able to add group using TKS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert TKS_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_add_tks-019: Should not be able to add group using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert TKS_auditorV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_add_tks-020: Should not be able to add group using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TKS_operatorV"
+ rlPhaseEnd
+
+ ##### Tests to add groups using TKS_adminUTCA and TKS_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_add_tks-021: Should not be able to add group using a cert created from a untrusted CA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TKS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-023: description with i18n characters"
+ rlLog "group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='Örjan Äke' g4 > $TmpDir/pki-tks-group-add-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tks-group-add-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-add-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tks-group-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-024: description with i18n characters"
+ rlLog "group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='Éric Têko' g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='Éric Têko' g5 > $TmpDir/pki-tks-group-add-001_52.out 2>&1" \
+ 0 \
+ "Adding g5 with description Éric Têko"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tks-group-add-001_52.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-add-001_52.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tks-group-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tks-025: description with i18n characters"
+ rlLog "group-add description éénentwintig dvidešimt with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='éénentwintig dvidešimt' g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-tks-group-add-001_53.out 2>&1" \
+ 0 \
+ "Adding description éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-tks-group-add-001_53.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tks-group-add-001_53.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-tks-group-add-001_53.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-show g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-show g6 > $TmpDir/pki-tks-group-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show group g6 with description éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "Group \"g6\""
"$TmpDir/pki-tks-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tks-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_add_tks-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tks-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-tks-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tks-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_add_tks-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-tks-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-tks-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tks-group-add-001_57.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_tks: Deleting groups" + + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g$i > 
$TmpDir/pki-tks-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tks-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TKS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del '$grp' > $TmpDir/pki-tks-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-tks-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-tks-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-tks-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÖrjanÄke' > $TmpDir/pki-tks-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-tks-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÉricTêko' > $TmpDir/pki-tks-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-tks-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-add-tks cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing 
tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-del-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-del-tks.sh
new file mode 100755
index 000000000..66b65ae67
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-del-tks.sh
@@ -0,0 +1,658 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-del-tks Delete pki subsystem groups.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-del-tks_tests(){ + + rlPhaseStartSetup "pki_group_cli_group_del_tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_del_tks-001: Delete valid groups" + group1=tks_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + 
group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to TKS using TKS_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g$i > $TmpDir/pki-tks-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tks-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to TKS using TKS_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using TKS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) 
\ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del $grp > $TmpDir/pki-tks-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-tks-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-002: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del GROUP_ABC > $TmpDir/pki-tks-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-tks-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-003: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del" + errmsg="Error: No Group ID specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-004: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test \"$group2\" > $TmpDir/pki-tks-group-add-001_1.out" \ + 0 \ + "Added group using TKS_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del \"$group2\" > $TmpDir/pki-tks-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using TKS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tks-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + rlLog "$actual_groupid_string" + rlLog "$expected_groupid_string" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-005: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test '$groupid' > $TmpDir/pki-tks-group-add-001_8.out 2>&1" \ + 0 \ + "Added group using TKS_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del '$groupid' > $TmpDir/pki-tks-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using TKS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tks-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show '$groupid' > $TmpDir/pki-tks-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-tks-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-006: Delete group from TKS with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-tks-group-add-009.out" \ + 0 \ + "Add 
group g1 to TKS" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g1 > $TmpDir/pki-tks-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t tks option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-tks-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-007: Should not be able to delete group using a revoked cert TKS_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-tks-010.out" \ + 0 \ + "Add group g2 to TKS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g2 > $TmpDir/pki-tks-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tks-group-show-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tks-group-show-001.out" + rlLog "PKI 
Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-008: Should not be able to delete group using a agent with revoked cert TKS_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-tks-010.out" \ + 0 \ + "Add group g3 to TKS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-tks-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tks-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-show-002.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tks-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-009: Should not be able to delete group using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to 
delete group g3 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-tks-group-show-003.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tks-group-show-003.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-show-003.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tks-group-show-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-010: Should not be able to delete group using a admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-group-show-tks-004.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-004.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-004.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-011: Should not be able to delete a group using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set 
System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-005.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-005.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-005.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-012: Should not be able to delete group using a TKS_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-group-show-tks-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-006.out" + rlAssertGrep "Description: g3description" 
"$TmpDir/pki-group-show-tks-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-013: Should not be able to delete group using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-group-show-tks-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-014: Should not be able to delete group using a cert created from a untrusted CA TKS_adminUTCA" + command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $TKS_HOST -p $TKS_PORT -t tks group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-group-show-tks-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-008.out" + 
rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-015: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_del_encoded_0025pkcs10.out > $TmpDir/pki_tks_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tks_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g3 > $TmpDir/pki-tks-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-group-show-tks-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g3 > $TmpDir/pki-group-del-tks-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-016: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-tks-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-tks-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-tks-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" 
\"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tks-017: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-tks-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-tks-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tks-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show 'ÉricTêko' > $TmpDir/pki-group-add-tks-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-tks-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tks-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-tks-001_20_3.out 2>&1" \ + 0 \ + "Delete gid ÉricTêko with i18n characters" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tks-001_20_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show 'ÉricTêko'" + errmsg="GroupNotFoundException: Group ÉricTêko not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" + rlPhaseEnd + + 
rlPhaseStartTest "pki_group_cli_group_del_cleanup_tks: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-add-tks cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-find-tks.sh new file mode 100755 index 000000000..1cb0bf4bb --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-find-tks.sh 
@@ -0,0 +1,651 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-find-tks To list groups in TKS. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-find-tks_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +rlPhaseStartSetup "pki_group_cli_group_find_tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_group_cli_group_find_tks-startup: Create temporary directory and add groups" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + 
group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_group_cli_group_find_tks-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=5 > $TmpDir/pki-tks-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=0 > $TmpDir/pki-tks-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-005: Find all groups, large value as input" + large_num="1000000" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=$large_num" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=$large_num > $TmpDir/pki-tks-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-tks-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-006: 
Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 2 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t TKS \ + group-find --size=$maximum_check > $TmpDir/pki-tks-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-tks-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_find_tks-007: Find all groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --size=-1" + errmsg="size should not have value less than 0" + 
errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find > $TmpDir/pki-tks-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in TKS" + group_entry_10=`cat $TmpDir/pki-tks-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + 
-h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=10 > $TmpDir/pki-tks-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-tks-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=10000 > $TmpDir/pki-tks-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=$maximum_check > $TmpDir/pki-tks-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_find_tks-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=0 > $TmpDir/pki-tks-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=$size_noninteger" + errmsg="NumberFormatException: 
For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find > $TmpDir/pki-tks-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in TKS" + group_entry_12=`cat $TmpDir/pki-tks-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=12 --size=12 > $TmpDir/pki-tks-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-tks-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tks-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-020: Find groups, --size=0 --start=12" + 
#Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find > $TmpDir/pki-tks-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in TKS" + group_entry_12=`cat $TmpDir/pki-tks-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=12 --size=0 > $TmpDir/pki-tks-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-021: Should not be able to find group using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-022: Should not be able to find groups using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog 
"PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-023: Should not be able to find groups using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find-tks-024: Should not be able to find groups using admin user with expired cert TKS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-025: Should not be able to find groups using TKS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - 
Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-026: Should not be able to find groups using a TKS_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-027: Should not be able to find groups using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-028: Should not be able to find groups using a cert created from a untrusted CA TKS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using TKS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD 
request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_find_encoded_0029pkcs10.out > $TmpDir/pki_tks_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tks_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --start=1 --size=5 > $TmpDir/pki-tks-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-find-pkiUser1-002.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + 
-p $TKS_PORT \ + -t tks \ + group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-tks-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=1000 > $TmpDir/pki-tks-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tks-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tks-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-tks-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find --size=1000 > $TmpDir/pki-tks-group-show-001_32_2.out" \ + 0 \ 
+ "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tks-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tks-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_group_cli_group_find_tks-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-find Administrator > $TmpDir/pki-tks-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tks-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_find_tks-033: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-find CA" + errmsg="BadRequestException: Filter is too short." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_group_cleanup-001: Deleting groups" + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g$i > $TmpDir/pki-group-del-tks-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tks-group-00$i.out" + let i=$i+1 + done + + #===Deleting i18n groups created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-tks-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tks-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-find-tks cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} 
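Review bot: In phase pki_group_cli_group_find_tks-028 (the untrusted-CA case) the expected exit code is assigned to `errocode`, not `errorcode`, so `verifyErrorMsg` is called with whatever value phase 027 left behind. That value happens to be 255, so the phase passes today, but the check that a certificate issued by an untrusted CA is rejected then depends on phase order rather than on its own setup; the line should read `errorcode=255`. Because `command`, `errmsg` and `errorcode` are plain globals reused by every phase, a slip like this goes unnoticed. Declaring them `local` in `run_pki-group-cli-group-find-tks_tests` and clearing them at the start of each phase would make a misspelt assignment fail visibly instead of inheriting the previous phase's value.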
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-add-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-add-tks.sh
new file mode 100755
index 000000000..08cbbaded
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-add-tks.sh
@@ -0,0 +1,1121 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-membership-add-tks CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-add-tks Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-add-tks_tests(){
+ rlPhaseStartSetup "pki_group_cli_group_membership-add-tks-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local
TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-001: Add users to available groups using valid admin user TKS_adminV"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-group-member-add-group-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-group-member-add-group-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-add-group-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-add-group-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show u$i > $TmpDir/pki-tks-group-member-add-group-show-00$i.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tks-group-member-add-group-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-add-group-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-add-group-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d
$CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-tks-group-member-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tks-group-member-add-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-add-groupadd-find-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-add-groupadd-find-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-002: Add a user to all available groups using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-group-member-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show userall > $TmpDir/pki-tks-group-member-add-user-show-userall-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tks-group-member-add-user-show-userall-001.out"
+
rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-add-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" userall > $TmpDir/pki-tks-group-member-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tks-group-member-add-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-add-groupadd-find-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-add-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-003: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tks-group-member-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tks-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1"
"$TmpDir/pki-tks-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-group-member-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-show user1 > $TmpDir/pki-tks-group-member-add-user-show-user1-001.out" \
+ 0 \
+ "Show pki TKS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-tks-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-group-member-add-user-show-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-tks-group-member-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tks-group-member-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" user1"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-004: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tks-group-member-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"$dummy_group\" testuser1"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-005: Should be able to group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=u14 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='u14' u14" \
+ 0 \
+ "Adding uid u14"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-group-member-add-groupadd-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+
rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-group-member-add-groupadd-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-tks-group-member-add-groupadd-010_2.out" \
+ 0 \
+ "Adding user u14 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-tks-group-member-add-groupadd-010_2.out"
+ rlAssertGrep "User: u14" "$TmpDir/pki-tks-group-member-add-groupadd-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tks-group-member-add-groupadd-find-010_3.out" \
+ 0 \
+ "Check user u14 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u14" "$TmpDir/pki-tks-group-member-add-groupadd-find-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-006: Should not be able to group-member-add using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_member-add-tks-007: Should not be able to group-member-add using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-008: Should not be able to group-member-add using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-009: Should not be able to group-member-add using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TKS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-010: Should not be able to group-member-add using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TKS_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-011: Should not be able to group-member-add using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TKS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-012: Should not be able to group-member-add using TKS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TKS_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-013: Should not be able to group-member-add using TKS_agentUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+
errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TKS_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-014: User associated with Administrators group only can create a new user"
+ i=2
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding testuser1 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" testuser1 > $TmpDir/pki-tks-group-member-add-groupadd-testuser1-00$i.out" \
+ 0 \
+ "Adding user testuser1 to group \"$gid\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tks-group-member-add-groupadd-testuser1-00$i.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-tks-group-member-add-groupadd-testuser1-00$i.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d-
-f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add testuser1 --input $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT -t tks user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+
+ #Add testuser1 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-tks-group-member-add-groupadd-usertest1-019_2.out 2>&1" \
+ 0 \
+ "Adding user testuser1 to group \"$groupid4\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tks-group-member-add-groupadd-usertest1-019_2.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-tks-group-member-add-groupadd-usertest1-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR
\
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find $groupid4 > $TmpDir/pki-tks-group-member-add-groupadd-find-usertest1-019_3.out" \
+ 0 \
+ "Check group-member for user testuser1"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-tks-group-member-add-groupadd-find-usertest1-019_3.out"
+
+ #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test_user us19 > $TmpDir/pki-tks-user-add-019_4.out 2>&1" \
+ 0 \
+ "Added new user using Admin user testuser1"
+ rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-tks-user-add-019_4.out"
+ rlAssertGrep "User ID: us19" "$TmpDir/pki-tks-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-tks-user-add-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-015: Should not be able to group-member-add using TKS_agentV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TKS_agentV cert"
+ rlPhaseEnd
+
+ #Usability test
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-016: Should not be able to add a non existing user to a group"
+ user="tuser3"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-add \"$groupid5\" $user"
+ errmsg="UserNotFoundException: User $user not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does
not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-017: Add a group and add a user to the group using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g1description\" g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g1description\" g1 > $TmpDir/pki-tks-group-member-add-group-add-022.out" \
+ 0 \
+ "Adding group g1"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tks-group-member-add-group-add-022.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-member-add-group-add-022.out"
+ rlAssertGrep "Description: g1description" "$TmpDir/pki-tks-group-member-add-group-add-022.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu9\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-tks-group-member-add-user-add-022.out" \
+ 0 \
+ "Adding user u9"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tks-group-member-add-user-add-022.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-group-member-add-user-add-022.out"
+ rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-tks-group-member-add-user-add-022.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g1 u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g1 u9 > $TmpDir/pki-tks-group-member-add-groupadd-022.out" \
+ 0 \
+ "Adding user u9 to group g1"
+ rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tks-group-member-add-groupadd-022.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-add-groupadd-022.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find g1 > $TmpDir/pki-tks-group-member-add-groupadd-find-022.out" \
+ 0 \
+ "User added to group g1"
+ rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-add-groupadd-find-022.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-018: Add two group and add a user to the two different group using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g2description\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g2description\" g2 > $TmpDir/pki-tks-group-member-add-group-add-023.out" \
+ 0 \
+ "Adding group g2"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tks-group-member-add-group-add-023.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-member-add-group-add-023.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-tks-group-member-add-group-add-023.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g3description\" g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g3description\" g3 > $TmpDir/pki-tks-group-member-add-group-add-023_1.out" \
+ 0 \
+ "Adding group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tks-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-tks-group-member-add-group-add-023_1.out"
+
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu10\" u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-tks-group-member-add-user-add-023.out" \
+ 0 \
+ "Adding user u10"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tks-group-member-add-user-add-023.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-group-member-add-user-add-023.out"
+ rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-tks-group-member-add-user-add-023.out"
+ rlLog "Adding the user u10 to group g2"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g2 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g2 u10 > $TmpDir/pki-tks-group-member-add-groupadd-023.out" \
+ 0 \
+ "Adding user u10 to group g2"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tks-group-member-add-groupadd-023.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-023.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find g2 > $TmpDir/pki-tks-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add g3 u10 > $TmpDir/pki-tks-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tks-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find g3 > $TmpDir/pki-tks-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tks-019: Add a group, add a user to the group and delete the group using valid admin user TKS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"g4description\" gr4 > $TmpDir/pki-tks-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group 
\"gr4\"" "$TmpDir/pki-tks-group-member-add-group-add-024.out"
+ rlAssertGrep "Group ID: gr4" "$TmpDir/pki-tks-group-member-add-group-add-024.out"
+ rlAssertGrep "Description: g4description" "$TmpDir/pki-tks-group-member-add-group-add-024.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ -user-add --fullName=\"fullNameu11\" u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-tks-group-member-add-user-add-024.out" \
+ 0 \
+ "Adding user u11"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tks-group-member-add-user-add-024.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-group-member-add-user-add-024.out"
+ rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-tks-group-member-add-user-add-024.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add gr4 u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add gr4 u11 > $TmpDir/pki-tks-group-member-add-groupadd-024.out" \
+ 0 \
+ "Adding user u11 to group gr4"
+ rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-tks-group-member-add-groupadd-024.out"
+ rlAssertGrep "User: u11" "$TmpDir/pki-tks-group-member-add-groupadd-024.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find gr4 > $TmpDir/pki-tks-group-member-add-groupadd-find-024.out" \
+ 0 \
+ "User added to group gr4"
+ rlAssertGrep "User: u11"
"$TmpDir/pki-tks-group-member-add-groupadd-find-024.out"
+ #Deleting group gr4
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del gr4 > $TmpDir/pki-tks-group-member-add-groupdel-024.out" \
+ 0 \
+ "Deleting group gr4"
+ rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-tks-group-member-add-groupdel-024.out"
+ #Checking for user-membership
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-membership-find u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-membership-find u11 > $TmpDir/pki-tks-group-member-add-usermembership-024.out" \
+ 0 \
+ "Checking for user membership of u11"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-group-member-add-usermembership-024.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-020: Add a group, add a user to the group and modify the group using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g5description\" g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g5description\" g4 > $TmpDir/pki-tks-group-member-add-group-add-025.out" \
+ 0 \
+ "Adding group g4"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tks-group-member-add-group-add-025.out"
+ rlAssertGrep "Group ID: g4"
"$TmpDir/pki-tks-group-member-add-group-add-025.out"
+ rlAssertGrep "Description: g5description" "$TmpDir/pki-tks-group-member-add-group-add-025.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tks-group-member-add-user-add-025.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tks-group-member-add-user-add-025.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-group-member-add-user-add-025.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tks-group-member-add-user-add-025.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g4 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g4 u12 > $TmpDir/pki-tks-group-member-add-groupadd-025.out" \
+ 0 \
+ "Adding user u12 to group g4"
+ rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-tks-group-member-add-groupadd-025.out"
+ rlAssertGrep "User: u12" "$TmpDir/pki-tks-group-member-add-groupadd-025.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find g4 > $TmpDir/pki-tks-group-member-add-groupadd-find-025.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u12" "$TmpDir/pki-tks-group-member-add-groupadd-find-025.out"
+ #Modifying group g4
+ rlLog "pki -d $CERTDB_DIR \
+
-n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod g4 --decription=\"Modified group\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod g4 --description=\"Modified group\" > $TmpDir/pki-tks-group-member-add-groupmod-025.out" \
+ 0 \
+ "Modifying group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tks-group-member-add-groupmod-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-member-add-groupmod-025.out"
+ rlAssertGrep "Description: Modified group" "$TmpDir/pki-tks-group-member-add-groupmod-025.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tks-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g5description\" g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"g6description\" g5 > $TmpDir/pki-tks-group-member-add-group-add-026.out" \
+ 0 \
+ "Adding group g5"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tks-group-member-add-group-add-026.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-member-add-group-add-026.out"
+ rlAssertGrep "Description: g6description" "$TmpDir/pki-tks-group-member-add-group-add-026.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu13\" u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST
\
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-tks-group-member-add-user-add-026.out" \
+ 0 \
+ "Adding user u13"
+ rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-tks-group-member-add-user-add-026.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-group-member-add-user-add-026.out"
+ rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-tks-group-member-add-user-add-026.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g5 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add g5 u13 > $TmpDir/pki-tks-group-member-add-groupadd-026.out 2>&1" \
+ 0 \
+ "Adding user u13 to group g5"
+ rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-tks-group-member-add-groupadd-026.out"
+ rlAssertGrep "User: u13" "$TmpDir/pki-tks-group-member-add-groupadd-026.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find g5 > $TmpDir/pki-tks-group-member-add-groupadd-find-026.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u13" "$TmpDir/pki-tks-group-member-add-groupadd-find-026.out"
+ #run user-membership-del on u13
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-membership-del u13 g5 > $TmpDir/pki-tks-group-member-add-user-membership-del-026.out" \
+ 0 \
+ "user-membership-del on u13"
+ rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-tks-group-member-add-user-membership-del-026.out"
+ #find group members
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find g5 > $TmpDir/pki-tks-group-member-add-group-member-find-026.out" \
+ 0 \
+ "Find member in group g5"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-group-member-add-group-member-find-026.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-tks-001: Deleting the temp directory and users and groups"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del g$i > $TmpDir/pki-user-del-tks-group-member-add-group-del-tks-00$i.out" \
+ 0 \
+ "Deleting group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-tks-group-member-add-group-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del userall >
$TmpDir/pki-group-del-tks-group-member-add-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-tks-group-member-add-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del user1 > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del us19 > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-u13-001.out" \
+ 0 \
+ "Deleting user us19"
+ rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-u13-001.out"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 2 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del testuser$i > $TmpDir/pki-group-member-add-tks-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-tks-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out"
+
+ Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+
rlPhaseStartCleanup "pki group-member-add-tks cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-del-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-del-tks.sh
new file mode 100755
index 000000000..21bdd9932
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-del-tks.sh
@@ -0,0 +1,801 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-del-tks_tests(){
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local
TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-002: Delete group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-group-member-del-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-group-member-del-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-del-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-del-user-add-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-tks-group-member-del-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tks-group-member-del-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-del-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-del-groupadd-find-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-del-groupadd-find-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del \"$gid\" u$i > $TmpDir/pki-tks-group-member-del-groupdel-del-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-tks-group-member-del-groupdel-del-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-003: Delete group-member from all the groups that user is associated with"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-group-member-del-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-del-user-add-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" userall >
$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-del-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Check group members with group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-del-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del \"$gid\" userall > $TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-004: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tks-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\""
"$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-tks-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tks-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del user1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-005: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tks-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"Administrators\" user2 >
$TmpDir/pki-tks-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-tks-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del Administrators"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-006: Should not be able to group-member-del using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-007: Should not be able to group-member-del using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-008: Should not be able to
group-member-del using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert TKS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-009: Should not be able to group-member-del using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-010: Should not be able to group-member-del using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TKS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_member-del-tks-011: Should not be able to group-member-del using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TKS_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-012: Should not be able to group-member-del using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TKS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-013: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TKS_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-014: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert"
+ rlLog
"PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-015: Delete group-member for user id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='u10' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='u10' 'u10'" \
+ 0 \
+ "Adding uid u10"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-group-member-del-groupadd-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-group-member-del-groupadd-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"dadministʁasjɔ̃\" 'u10'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-tks-group-member-del-groupadd-017_2.out" \
+ 0 \
+ "Adding user u10 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tks-group-member-del-groupadd-017_2.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-del-groupadd-017_2.out"
+ rlLog
"Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-tks-group-member-del-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-tks-group-member-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tks-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-del-tks-016: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tks-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tks-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-tks-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tks-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-del \"Administrators\" user123" + 
errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-017: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-tks-group-member-del-user-del-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tks-group-member-del-user-del-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tks-group-member-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-tks-group-member-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"Administrators\" u20 > $TmpDir/pki-tks-group-member-add-groupadd-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-tks-group-member-add-groupadd-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find Administrators > $TmpDir/pki-user-del-tks-group-member-find-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-tks-group-member-find-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u20 > $TmpDir/pki-user-del-tks-group-member-find-user-del-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find Administrators > $TmpDir/pki-user-del-tks-group-member-find-user-del-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-tks-group-member-find-user-del-20_7.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-018: User deleted from Administrators group cannnot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tks-group-member-del-user-add-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"Administrators\" testuser1 > $TmpDir/pki-tks-group-member-add-groupadd-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tks-group-member-add-groupadd-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+
certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-cert-add testuser1 --input $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='test_user' u9"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tks-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del \"Administrators\" testuser1 > $TmpDir/pki-tks-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-tks-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT -t tks user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-019: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-tks-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tks-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tks-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-tks-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n
$(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"group1\" testuser2 > $TmpDir/pki-tks-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-tks-group-member-del-groupadd-022_2.out"
+ lAssertGrep "User: testuser2" "$TmpDir/pki-tks-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del 'group1' > $TmpDir/pki-tks-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-tks-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-membership-find testuser2 > $TmpDir/pki-tks-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-tks-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tks-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\""
"$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u$i > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del userall > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del user1 > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del user2 > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del user123 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\""
"$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del testuser1 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser1.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del testuser2 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser2.out"
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-member-del-tks cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-find-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-find-tks.sh
new file mode 100755
index 000000000..aff3c5b17
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-find-tks.sh
@@ -0,0 +1,818 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-member-find-tks CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-find-tks Find group members.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-member-find-tks_tests(){
+ rlPhaseStartTest "pki_group_cli_group_member-find_tks-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local
TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-001: Find tks-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-group-member-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-group-member-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-find-user-find-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-tks-group-member-find-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tks-group-member-find-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-find-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find group-members with group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-002: Find tks-group-member when the same user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-group-member-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-find-user-find-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add \"$gid\" userall > $TmpDir/pki-tks-group-member-find-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tks-group-member-find-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-find-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find user membership to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-003: Find tks-group-member when many users are added to one group"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"Test group\" group1 > $TmpDir/pki-tks-group-member-find-groupadd-006.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tks-group-member-find-groupadd-006.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tks-group-member-find-groupadd-006.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-tks-group-member-find-groupadd-006.out"
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameuser$i\" user$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-tks-group-member-find-useradd-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-tks-group-member-find-useradd-00$i.out"
+ rlAssertGrep "User ID: user$i" "$TmpDir/pki-tks-group-member-find-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tks-group-member-find-useradd-00$i.out"
+ rlLog "Adding user user$i to group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p
$TKS_PORT \
+ -t tks \
+ group-member-add group1 user$i > $TmpDir/pki-tks-group-member-find-group-member-add-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-tks-group-member-find-group-member-add-00$i.out"
+ rlAssertGrep "User: user$i" "$TmpDir/pki-tks-group-member-find-group-member-add-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 > $TmpDir/pki-tks-group-member-find-group1-006.out" \
+ 0 \
+ "Find users added to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-tks-group-member-find-group1-006.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tks-group-member-find-group1-006.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlAssertGrep "User: user$i" "$TmpDir/pki-tks-group-member-find-group1-006.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-004: Find group-member of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --start=5 > $TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user6" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user7" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user8" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user9" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user10"
"$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user11" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user12" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user13" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user14" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-005: Find all group members of a group (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --start=0 > $TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out" \
+ 0 \
+ "Checking group members of a group "
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-006: Find group members when page start is negative (start=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=-1"
+ errmsg="--start option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0"
+ rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_member-find-tks-007: Find group members when page start greater than available number of groups (start=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --start=15 > $TmpDir/pki-tks-group-member-find-groupadd-find-start-004.out" \
+ 0 \
+ "Checking group members of a group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-008: Should not be able to find group members when page start is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-009: Find group member when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --size=0 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-006.out" 0 \
+ "group_member-find with size parameter as 0"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-010: Find group members when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --size=1 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out" 0 \
+ "group_member-find with size parameter as 1"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out"
+ rlAssertGrep "User: user1" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-011: Find group members when page size is 15 (size=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --size=15 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out" 0 \
+ "group_member-find with size parameter as 15"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-012: Find group members when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --size=100 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out" 0 \
+ "tks-group_member-find with size parameter as 100"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep
"User: $uid" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-013: Find group-member when page size is negative (size=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --size=-1"
+ errmsg="--size option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-014: Should not be able to find group members when page size is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-find-tks-015: Find group members with -t option"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-find group1 --size=5 > $TmpDir/pki-tks-group-member-find-018.out" \
+ 0 \
+ "Find group-member with -t tks option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-018.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval uid=user$i
+
rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-016: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-tks-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-017: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-018: Find group members with --start more than maximum possible value" + randhex=$(openssl 
rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-019: Should not be able to group-member-find using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-020: Should not be able to group-member-find using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-021: Should not be able to group-member-find using a valid agent 
TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent TKS_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-022: Should not be able to group-member-find using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin TKS_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-023: Should not be able to group-member-find using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent TKS_agentE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_member-find-tks-024: Should not be able to group-member-find using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor TKS_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-025: Should not be able to group-member-find using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator TKS_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-026: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using TKS_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-027: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 
"Should not be able to find group-member using a untrusted TKS_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-028:Find group-member for group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName='u9' u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName='u9' u9" \ + 0 \ + "Adding uid u9" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-group-member-add-groupadd-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-group-member-add-groupadd-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-group-member-add-groupadd-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-group-member-add-groupadd-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-tks-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tks-group-member-find-groupadd-031_2.out" + 
rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-029: Find group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"Test group\" group2 > $TmpDir/pki-tks-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-tks-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-tks-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-tks-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" 
"$TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add group2 userid$i > $TmpDir/pki-tks-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-tks-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-tks-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-find group2 > $TmpDir/pki-tks-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-tks-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-tks-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tks-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 7 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del u$i > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-00$i.out" + let i=$i+1 + done + 
rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del u9 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u9" + rlAssertGrep "Deleted user \"u9\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-00$i.out" + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del user$i > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del userid$i > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-del userall > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-userall.out" + + + #===Deleting groups created using TKS_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'group1' > $TmpDir/pki-user-del-tks-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" 
"$TmpDir/pki-user-del-tks-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'group2' > $TmpDir/pki-user-del-tks-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-tks-group2.out" + + + #===Deleting i18n group created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-find-tks cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-show-tks.sh new file mode 100755 index 000000000..c39ed0ac1 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-show-tks.sh 
@@ -0,0 +1,558 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-show-tks Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-tks.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-member-show-tks_tests(){ + rlPhaseStartSetup "pki_group_cli_group_member_show_tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval 
${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartTest "pki_tks_group_member_show-configtest: pki tks-group-member-show configuration test" + rlRun "pki tks-group-member-show --help > $TmpDir/pki_tks_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki tks-group-member-show" + rlAssertGrep "usage: tks-group-member-show \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show TKS groups #### + rlPhaseStartTest "pki_group_cli_group_member_show_tks-001: Add group to TKS using TKS_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using TKS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p 
$TKS_PORT \ + -t tks \ + group-member-show $group1 u1 > $TmpDir/pki_tks_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_tks_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_tks_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_member_show_tks-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-show $group1 U1 > $TmpDir/pki-tks-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-tks-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-tks-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_member_show_tks-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-member-show TEST_GROUP u1 > $TmpDir/pki-tks-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-tks-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-tks-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-008: Should not be able to show group member using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-009: Should not be able to show group member using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tks-010: Should not be able to show group members using a valid agent 
TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-011: Should not be able to show group members using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-012: Should not be able to show group members using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-013: Should not be able to show group members using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show-tks-014: Should not be able to show group members using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-015: Should not be able to show group members using a cert created from a untrusted TKS TKS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using TKS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-016: Should not be able to show group members using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show $group1 u1"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show $group1 u1 > $TmpDir/pki-tks-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-member-show-pkiUser1-002.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-017: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tks-group-member-show-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=test u3 > $TmpDir/pki-tks-group-member-show-001_57.out 2>&1" \
+ 0 \
+ "Adding user id u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-tks-group-member-show-001_56.out 2>&1" \
+ 0 \
+ "Adding user u3 to group ÖrjanÄke"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show 'ÖrjanÄke' u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-tks-group-member-show-001_56_2.out" \
+ 0 \
+ "Show group member'ÖrjanÄke'"
+ rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-tks-group-member-show-001_56_2.out"
+ rlAssertGrep "User: u3" "$TmpDir/pki-tks-group-member-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-018: Add group to TKS using TKS_adminV, add a user to the group, delete the group member and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$group2desc\" $group2" \
+ 0 \
+ "Add group $group2 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"User2\" u2" \
+ 0 \
+ "Add user u2 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add $group2 u2" \
+ 0 \
+ "Add user u2 to group $group2 using TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show $group2 u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show $group2 u2 > $TmpDir/pki_tks_group_member_show_groupshow019.out" \
+ 0 \
+ "Show group members of $group2"
+ rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_tks_group_member_show_groupshow019.out"
+ rlAssertGrep "User: u2" "$TmpDir/pki_tks_group_member_show_groupshow019.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-del $group2 u2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group2 u2"
+ errmsg="ResourceNotFoundException: Group member u2 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks-019: Add group to TKS using TKS_adminV, add a user to the group, delete the user and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$group3desc\" $group3" \
+ 0 \
+ "Add group $group3 using TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"User4\" u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-add --fullName=\"User4\" u4" \
+ 0 \
+ "Add user u3 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-add $group3 u4" \
+ 0 \
+ "Add user u4 to group $group3 using TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show $group3 u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-member-show $group3 u4 > $TmpDir/pki_tks_group_member_show_groupshow020.out" \
+ 0 \
+ "Show group members of $group3"
+ rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_tks_group_member_show_groupshow020.out"
+ rlAssertGrep "User: u4" "$TmpDir/pki_tks_group_member_show_groupshow020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show $group3 u4"
+ errmsg="ResourceNotFoundException: Group member u4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show_tks-021: A non existing member ID and group ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-member-show group1 user1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member_show_tks_cleanup-022: Deleting the temp directory and groups"
+
+ #===Deleting groups(symbols) created using TKS_adminV cert===#
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del $grp > $TmpDir/pki-group-del-tks-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tks-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ user-del u$j > $TmpDir/pki-user-del-tks-group-symbol-00$j.out" \
+ 0 \
+ "Deleted user u$j"
+ rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-tks-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-member-show-tks cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-mod-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-mod-tks.sh
new file mode 100755
index 000000000..ec3cc1e0e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-mod-tks.sh
@@ -0,0 +1,554 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-mod-tks Modify existing groups in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-tks.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-group-cli-group-mod-tks_tests(){
+#####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_group_cli_group_mod_tks-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+group1=tks_group
+group1desc="Test tks group"
+group2=abcdefghijklmnopqrstuvwxyx12345678
+group3=abc#
+group4=abc$
+group5=abc@
+group6=abc?
+group7=0
+group1_mod_description="Test tks agent Modified"
+randsym=""
+i18ngroup=i18ngroup
+i18ngroupdescription="Örjan Äke"
+i18ngroup_mod_description="kakskümmend"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+ ##### Tests to modify TKS groups ####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-002: Modify a group's description in TKS using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$group1desc\" $group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tks-group-mod-002.out" \
+ 0 \
+ "Modified $group1 description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tks-group-mod-002.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-mod-002.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-002.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_group_cli_group_mod_tks-003:--description with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test g1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-tks-group-mod-004.out" \
+ 0 \
+ "Modified group using TKS_adminV with --description with characters and numbers"
+ rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-tks-group-mod-004.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-mod-004.out"
+ rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-group-mod-004.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-004:--description with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test g2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$randsym\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$randsym\" g2 > $TmpDir/pki-tks-group-mod-005.out" \
+ 0 \
+ "Modified group using TKS_adminV with maximum --description length and character symbols in it"
+ actual_group_string=`cat $TmpDir/pki-tks-group-mod-005.out | grep "Description: " | xargs echo`
+ expected_group_string="Description: $randsym"
+ rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-tks-group-mod-005.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-mod-005.out"
+ if [[ $actual_group_string = $expected_group_string ]] ; then
+ rlPass "$expected_group_string found"
+ else
+ rlFail "$expected_group_string not found"
+ fi
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-005:--description with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test g3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=$ g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=$ g3 > $TmpDir/pki-tks-group-mod-008.out" \
+ 0 \
+ "Modified group using TKS_adminV with --description $ character"
+ rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-tks-group-mod-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-mod-008.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-tks-group-mod-008.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-006: Modify a group to TKS with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=test g4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1desc\" g4"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-tks-group-mod-007.out" \
+ 0 \
+ "Modified group g4 to TKS"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tks-group-mod-007.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-mod-007.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tks-group-mod-007.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-007: Modify a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id"
+ rlPhaseEnd
+
+##### Tests to modify groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-008: Should not be able to modify groups using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1_mod_description' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-009: Should not be able to modify group using an agent or a revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-010: Should not be able to modify groups using a TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert"
+ rlPhaseEnd
+
+##### Tests to modify groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-011: Should not be able to modify group using a TKS_adminE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-012: Should not be able to modify group using a TKS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using audit users#####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-013: Should not be able to modify group using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-014: Should not be able to modify group using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as TKS_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify groups using TKS_adminUTCA and TKS_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-015: Should not be able to modify groups using a cert created from a untrusted CA TKS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_group_cli_group_mod_tks-016: Modify a group -- Group ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description='$group1desc' g5"
+ errmsg="ResourceNotFoundException: Group g5 not found."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group"
+ rlPhaseEnd
+
+##### Tests to modify TKS groups with empty parameters ####
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-017: Modify a user created group in TKS using TKS_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$group1desc\" g5"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description=\"\" g5"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description=\"\" g5 > $TmpDir/pki-tks-group-mod-0017.out" 0 "Group modified successfully with empty description"
+ rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-tks-group-mod-0017.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-mod-0017.out"
+ rlPhaseEnd
+
+
+##### Tests to modify TKS groups with the same value ####
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-018: Modify a group in TKS using TKS_adminV - description same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-show $group1 > $TmpDir/pki-tks-group-mod-041_1.out"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tks-group-mod-041_1.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-mod-041_1.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tks-group-mod-041_2.out" \
+ 0 \
+ "Modifying $group1 with same old description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tks-group-mod-041_2.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-mod-041_2.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-041_2.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify TKS groups having i18n chars in the description ####
+
+rlPhaseStartTest "pki_group_cli_group_mod_tks-019: Modify a groups's description having i18n chars in TKS using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-add --description=\"$i18ngroupdescription\" $i18ngroup"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-tks-group-mod-043.out" \
+ 0 \
+ "Modified $i18ngroup description"
+ rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-tks-group-mod-043.out"
+ rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-tks-group-mod-043.out"
+ rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-tks-group-mod-043.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify system generated TKS groups ####
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-021: Modify Administrator group's description in TKS using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-show Administrators > $TmpDir/pki-tks-group-mod-group-show-022.out"
+ admin_group_desc=$(cat $TmpDir/pki-tks-group-mod-group-show-022.out| grep Description | cut -d- -f2)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1_mod_description\" Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-tks-group-mod-022.out" \
+ 0 \
+ "Modified Administrators group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tks-group-mod-022.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tks-group-mod-022.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-022.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$admin_group_desc\" Administrators"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_mod_tks-022: Modify Administrators group in TKS using TKS_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-show Administrators > $TmpDir/pki-tks-group-mod-group-show-023.out"
+ admin_group_desc=$(cat $TmpDir/pki-tks-group-mod-group-show-023.out| grep Description | cut -d- -f2)
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description=\"\" Administrators"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-mod --description=\"\" Administrators > $TmpDir/pki-tks-group-mod-023.out" 0 "Successfully modified Administrator group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tks-group-mod-023.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tks-group-mod-023.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-mod --description=\"$admin_group_desc\" Administrators"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+
+#===Deleting groups===#
+rlPhaseStartTest "pki_group_cli_group_cleanup_tks: Deleting role groups"
+
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del g$i > $TmpDir/pki-group-del-tks-group-00$i.out" \
+ 0 \
+ "Deleted 
group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tks-group-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del $grp > $TmpDir/pki-group-del-tks-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tks-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ group-del $i18ngroup > $TmpDir/pki-group-del-tks-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-tks-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-mod-tks cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-show-tks.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-show-tks.sh
new file mode 100755
index 000000000..6d8613040
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-show-tks.sh
@@ -0,0 +1,732 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-show-tks Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-show-tks.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-show-tks_tests(){ + +rlPhaseStartSetup "pki_group_cli_group_show_tks-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval 
${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + + ##### Tests to show TKS groups #### + rlPhaseStartTest "pki_group_cli_group_show_tks-001: Add group to TKS using TKS_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TKS_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group1 > $TmpDir/pki-tks-group-show-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tks-group-show-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-show-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tks-group-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test $group2" \ + 0 \ + "Add group $group2 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group2 > 
$TmpDir/pki-tks-group-show-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-tks-group-show-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-tks-group-show-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test $group3" \ + 0 \ + "Add group $group3 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group3 > $TmpDir/pki-tks-group-show-001_2.out" \ + 0 \ + "Show $group3 group" + rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-tks-group-show-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tks-group-show-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-004: Group id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test $group4" \ + 0 \ + "Add group $group4 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group4 > $TmpDir/pki-tks-group-show-001_3.out" \ + 0 \ + "Show $group4 group" + rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-tks-group-show-001_3.out" + rlAssertGrep "Group ID: 
abc\\$" "$TmpDir/pki-tks-group-show-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-005: Group id with @ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test $group5" \ + 0 \ + "Add $group5 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group5 > $TmpDir/pki-tks-group-show-001_4.out" \ + 0 \ + "Show $group5 group" + rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-tks-group-show-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tks-group-show-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-006: Group id with ? character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test $group6" \ + 0 \ + "Add $group6 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group6 > $TmpDir/pki-tks-group-show-001_5.out" \ + 0 \ + "Show $group6 group" + rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-tks-group-show-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tks-group-show-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-007: Group id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test $group7" \ + 0 \ + 
"Add group $group7 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show $group7 > $TmpDir/pki-tks-group-show-001_6.out" \ + 0 \ + "Show group $group7" + rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-tks-group-show-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tks-group-show-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-008: --description with maximum length" + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description='$desc' g1" \ + 0 \ + "Added group using TKS_adminV with maximum --description length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g1 > $TmpDir/pki-tks-group-show-001_7.out" \ + 0 \ + "Show group g1" + rlAssertGrep "Group \"g1\"" "$TmpDir/pki-tks-group-show-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-show-001_7.out" + actual_desc_string=`cat $TmpDir/pki-tks-group-show-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-009: --description with maximum length and symbols" + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description='$desc' g2" 
\ + 0 \ + "Added group using TKS_adminV with maximum --description length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g2 > $TmpDir/pki-tks-group-show-001_8.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tks-group-show-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-show-001_8.out" + actual_desc_string=`cat $TmpDir/pki-tks-group-show-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-010: --description with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=# g3" \ + 0 \ + "Add group g3 using pki TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g3 > $TmpDir/pki-tks-group-show-001_9.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tks-group-show-001_9.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-show-001_9.out" + rlAssertGrep "Description: #" "$TmpDir/pki-tks-group-show-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-011: --description with * character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=* g4" \ + 0 \ + "Add group g4 using pki TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p 
$TKS_PORT \ + -t tks \ + group-show g4 > $TmpDir/pki-tks-group-show-001_10.out" \ + 0 \ + "Show group g4 using TKS_adminV" + rlAssertGrep "Group \"g4\"" "$TmpDir/pki-tks-group-show-001_10.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-show-001_10.out" + rlAssertGrep "Description: *" "$TmpDir/pki-tks-group-show-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-012: --description with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=$ g5" \ + 0 \ + "Add group g5 using pki TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g5 > $TmpDir/pki-tks-group-show-001_11.out" \ + 0 \ + "Show group g5 using TKS_adminV" + rlAssertGrep "Group \"g5\"" "$TmpDir/pki-tks-group-show-001_11.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-show-001_11.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-tks-group-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-013: --description as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=0 g6" \ + 0 \ + "Add group g6 using pki TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g6 > $TmpDir/pki-tks-group-show-001_12.out" \ + 0 \ + "Show group g6 using TKS_adminV" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tks-group-show-001_12.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-tks-group-show-001_12.out" + rlAssertGrep "Description: 0" "$TmpDir/pki-tks-group-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-014: Show 
group with -t tks option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test g7" \ + 0 \ + "Adding group g7 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g7 > $TmpDir/pki-tks-group-show-001_32.out" \ + 0 \ + "Show group g7 using TKS_adminV" + rlAssertGrep "Group \"g7\"" "$TmpDir/pki-tks-group-show-001_32.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-tks-group-show-001_32.out" + rlAssertGrep "Description: $test" "$TmpDir/pki-tks-group-show-001_32.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_show_tks-015: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show" + errmsg="Error: No Group ID specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-016: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show G7 > $TmpDir/pki-tks-group-show-001_35.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group \"G7\"" "$TmpDir/pki-tks-group-show-001_35.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-tks-group-show-001_35.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-017: Should not be able to show group using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-018: Should not be able to show group using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-019: Should not be able to show group using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-020: Should not be able to show group using admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-021: Should not be able to show group using TKS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to 
the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-022: Should not be able to show group using a TKS_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-023: Should not be able to show group using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-024: Should not be able to show group using a cert created from a untrusted CA TKS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using TKS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-025: Should not be able to show group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering 
organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_show_encoded_0025pkcs10.out > $TmpDir/pki_tks_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tks_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show g7 > $TmpDir/pki-tks-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT -t tks group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, 
exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using TKS_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tks-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show 'ÖrjanÄke' > $TmpDir/pki-tks-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-tks-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tks-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tks-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-add --description=test 'ÉricTêko' > $TmpDir/pki-tks-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t 
tks \ + group-show 'ÉricTêko' > $TmpDir/pki-tks-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-tks-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tks-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_cleanup_tks: Deleting the temp directory and groups" + + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g$i > $TmpDir/pki-tks-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tks-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TKS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del $grp > $TmpDir/pki-group-del-tks-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tks-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del 'ÉricTêko' > $TmpDir/pki-group-del-tks-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" 
"$TmpDir/pki-group-del-tks-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-show-tks cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh new file mode 100755 index 000000000..2146af453 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh 
@@ -0,0 +1,593 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-add-tps Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create-role-users.sh should be first executed prior to pki-group-cli-group-add-tps.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-add-tps_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+#### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_group_cli_group_add_tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+
+ ##### Tests to add TPS groups using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_group_cli_group_add_tps-001: Add a group to TPS using TPS_adminV"
+ group1=new_group1
+ group_desc1="New Group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"$group_desc1\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-tps-group-add-001.out" \
+ 0 \
+ "Add group $group1 to TPS"
+ rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-tps-group-add-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-add-001.out"
+ rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-tps-group-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-002:maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-tps-group-add-001_1.out" \
+ 0 \
+ "Added group using TPS_adminV with maximum group id length"
+ actual_groupid_string=`cat $TmpDir/pki-tps-group-add-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: Test Group" "$TmpDir/pki-tps-group-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-003:Group id with # character"
+ group3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description test $group3 > $TmpDir/pki-tps-group-add-001_2.out" \
+ 0 \
+ "Added group using TPS_adminV, group id with # character"
+ rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-tps-group-add-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tps-group-add-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-004:Group id with $ character"
+ group4=abc$
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group4 > $TmpDir/pki-tps-group-add-001_3.out" \
+ 0 \
+ "Added group using TPS_adminV, group id with $ character"
+ rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-tps-group-add-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tps-group-add-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-005:Group id with @ character"
+ group5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group5 > $TmpDir/pki-tps-group-add-001_4.out " \
+ 0 \
+ "Added group using TPS_adminV, group id with @ character"
+ rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-tps-group-add-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tps-group-add-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-006:Group id with ? character"
+ group6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group6 > $TmpDir/pki-tps-group-add-001_5.out " \
+ 0 \
+ "Added group using TPS_adminV, group id with ? character"
+ rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-tps-group-add-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tps-group-add-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-007:Group id as 0"
+ group7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group7 > $TmpDir/pki-tps-group-add-001_6.out " \
+ 0 \
+ "Added group using TPS_adminV, group id 0"
+ rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-tps-group-add-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tps-group-add-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-008:--description with maximum length"
+ groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-tps-group-add-001_7.out" \
+ 0 \
+ "Added group using TPS_adminV with maximum --description length"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tps-group-add-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-add-001_7.out"
+ rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-tps-group-add-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-tps-group-add-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-009:--desccription with maximum length and symbols"
+ rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupdesc=$(echo $rand_groupdesc | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='$groupdesc' g2 > $TmpDir/pki-tps-group-add-001_8.out" \
+ 0 \
+ "Added group using TPS_adminV with maximum --desc length and character symbols in it"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tps-group-add-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-add-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-tps-group-add-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-010: Add a duplicate group to TPS"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='Duplicate Group' $group1"
+ errmsg="ConflictingOperationException: Entry already exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-011: Add a group to TPS with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"$desc\" g3 > $TmpDir/pki-tps-group-add-0011.out" \
+ 0 \
+ "Add group g3 to TPS"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tps-group-add-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-add-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-tps-group-add-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add g7 > $TmpDir/pki-tps-group-add-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-tps-group-add-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-add-0013.out"
+ rlPhaseEnd
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_tps-014: Should not be able to add group using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-015: Should not be able to add group using a agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert TPS_agentR"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_group_cli_group_add_tps-016: Should not be able to add group using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert TPS_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_group_cli_group_add_tps-017: Should not be able to add group using admin user with expired cert TPS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-018: Should not be able to modify group using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot add group $group1 using an officer cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-019: Should not be able to add group using TPS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert TPS_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_group_cli_group_add_tps-020: Should not be able to add group using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TPS_operatorV"
+ rlPhaseEnd
+
+ ##### Tests to add groups using TPS_adminUTCA and TPS_agentUTCA user's certificate will be issued by an untrusted CA users#####
+ rlPhaseStartTest "pki_group_cli_group_add_tps-021: Should not be able to add group using a cert created from a untrusted CA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TPS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-023: description with i18n characters"
+ rlLog "group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Örjan Äke' g4 > $TmpDir/pki-tps-group-add-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tps-group-add-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-add-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tps-group-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-024: description with i18n characters"
+ rlLog "group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Éric Têko' g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Éric Têko' g5 > $TmpDir/pki-tps-group-add-001_52.out 2>&1" \
+ 0 \
+ "Adding g5 with description Éric Têko"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tps-group-add-001_52.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-add-001_52.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tps-group-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-025: description with i18n characters"
+ rlLog "group-add description éénentwintig dvidešimt with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='éénentwintig dvidešimt' g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-tps-group-add-001_53.out 2>&1" \
+ 0 \
+ "Adding description éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-tps-group-add-001_53.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tps-group-add-001_53.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-tps-group-add-001_53.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g6 > $TmpDir/pki-tps-group-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show group g6 with description éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tps-group-add-001_53_2.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tps-group-add-001_53_2.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-026: group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-add-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-add-001_56.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-add-001_56.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_add_tps-027: groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-tps-group-add-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-tps-group-add-001_57.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-add-001_57.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup_tps: Deleting groups"
+
+ #===Deleting groups created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g$i > $TmpDir/pki-tps-group-del-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using TPS_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del '$grp' > $TmpDir/pki-tps-group-del-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ actual_delete_group_string=`cat $TmpDir/pki-tps-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo`
+ expected_delete_group_string="Deleted group $grp"
+ if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then
+ rlPass "Deleted group \"$grp\" found in $TmpDir/pki-tps-group-del-group-symbol-00$j.out"
+ else
+ rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-tps-group-del-group-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #===Deleting i18n groups created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-tps-group-del-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-del-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÉricTêko' > $TmpDir/pki-tps-group-del-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-tps-group-del-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-add-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
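Review bot: The negative authorization tests 014 through 021 all try to add `$group1`, which test 001 already created, so they can only check the error text and cannot show that a rejected caller (revoked, expired, untrusted-CA, agent, officer or operator certificate) left the directory unchanged. Using an ID that does not exist yet (for example a constructed name such as `g_denied`) and following each `verifyErrorMsg` with a `group-show` of that ID run as the adminV user, expecting `GroupNotFoundException`, would catch a server that returns the error but still writes the entry. The del-tps tests in this commit already use that `group-show` check after a delete. Separately, the `rlLog "Executing: pki ... -c $CERTDB_DIR_PASSWORD ..."` lines in tests 001, 011, 013 and 023 to 027 copy the NSS database password into the test journal; logging the command without the `-c` value would avoid that.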
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh
new file mode 100755
index 000000000..1e7eb3412
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh
@@ -0,0 +1,658 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-del-tps Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-del-tps_tests(){ + + rlPhaseStartSetup "pki_group_cli_group_del_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + + rlPhaseStartTest "pki_group_cli_group_del_tps-001: Delete valid groups" + group1=tps_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + 
group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to TPS using TPS_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-tps-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to TPS using TPS_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp > $TmpDir/pki-tps-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-tps-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-002: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del GROUP_ABC > $TmpDir/pki-tps-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-tps-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_del_tps-003: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del" + errmsg="Error: No Group ID 
specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-004: Maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test \"$group2\" > $TmpDir/pki-tps-group-add-001_1.out" \
+ 0 \
+ "Added group using TPS_adminV with maximum group id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del \"$group2\" > $TmpDir/pki-tps-group-del-group-006.out" \
+ 0 \
+ "Deleting group with maximum group id length using TPS_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-tps-group-del-group-006.out | grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $group2"
+ rlLog "$actual_groupid_string"
+ rlLog "$expected_groupid_string"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group \"$group2\" found"
+ else
+ rlFail "Deleted group \"$group2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show \"$group2\""
+ errmsg="GroupNotFoundException: Group \"$group2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-005: groupid with maximum length and symbols"
+ rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupid=$(echo $rand_groupid | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test '$groupid' > $TmpDir/pki-tps-group-add-001_8.out 2>&1" \
+ 0 \
+ "Added group using TPS_adminV with maximum groupid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del '$groupid' > $TmpDir/pki-tps-group-del-group-007.out" \
+ 0 \
+ "Deleting group with maximum group id length and character symbols using TPS_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-tps-group-del-group-007.out| grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $groupid"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group $groupid found"
+ else
+ rlFail "Deleted group $groupid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show '$groupid' > $TmpDir/pki-tps-group-del-group-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted group with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-tps-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo`
+ expected_error_string="GroupNotFoundException: Group $groupid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "GroupNotFoundException: Group $groupid not found message found"
+ else
+ rlFail "GroupNotFoundException: Group $groupid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-006: Delete group from TPS with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"g1description\" g1 > $TmpDir/pki-tps-group-add-009.out" \
+ 0 \
+ "Add
group g1 to TPS"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g1 > $TmpDir/pki-tps-group-del-group-009.out" \
+ 0 \
+ "Deleting group g1 using -t tps option"
+ rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-tps-group-del-group-009.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g1"
+ errmsg="GroupNotFoundException: Group g1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-007: Should not be able to delete group using a revoked cert TPS_adminR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-tps-010.out" \
+ 0 \
+ "Add group g2 to TPS"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g2 > $TmpDir/pki-tps-group-show-001.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tps-group-show-001.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-show-001.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-tps-group-show-001.out"
+ rlLog "PKI
Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-008: Should not be able to delete group using a agent with revoked cert TPS_agentR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-tps-010.out" \
+ 0 \
+ "Add group g3 to TPS"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-tps-group-show-002.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-002.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-002.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-show-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-009: Should not be able to delete group using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to
delete group g3 using a valid agent cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-tps-group-show-003.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-003.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-003.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-show-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-010: Should not be able to delete group using a admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-group-show-tps-004.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-004.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-004.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-011: Should not be able to delete a group using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set
System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-show g3 > $TmpDir/pki-group-show-tps-005.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-005.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-005.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-012: Should not be able to delete group using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a officer cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-group-show-tps-006.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-006.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-006.out"
+ rlAssertGrep "Description: g3description"
"$TmpDir/pki-group-show-tps-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-013: Should not be able to delete group using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-group-show-tps-007.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-007.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-007.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-014: Should not be able to delete group using a cert created from a untrusted CA TPS_adminUTCA"
+ command="pki -d /tmp/untrusted_cert_db -n role_user_UTCA -c Password -h $TPS_HOST -p $TPS_PORT -t tps group-del g3"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-group-show-tps-008.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-008.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-008.out"
+
rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-015: Should not be able to delete group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_del_encoded_0025pkcs10.out > $TmpDir/pki_tps_group_del_encoded_0025pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tps_group_del_encoded_0025pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g3"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g3 > $TmpDir/pki-tps-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-del-pkiUser1-0025.out"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-group-show-tps-009.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-009.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-009.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-009.out"
+
+ #Cleanup:delete group g3
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g3 > $TmpDir/pki-group-del-tps-018.out 2>&1"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-016: delete group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-tps-001_19.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-tps-001_19.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-tps-001_19.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-001_19_3.out 2>&1" \
+ 0 \
+ "Deleted gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-001_19_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show 'ÖrjanÄke'"
+ errmsg="GroupNotFoundException: Group ÖrjanÄke not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\"
\"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_del_tps-017: delete groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-tps-001_20.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-tps-001_20.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tps-001_20.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show 'ÉricTêko' > $TmpDir/pki-group-add-tps-001_20_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-tps-001_20_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tps-001_20_2.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-001_20_3.out 2>&1" \
+ 0 \
+ "Delete gid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show 'ÉricTêko'"
+ errmsg="GroupNotFoundException: Group ÉricTêko not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+
rlPhaseStartTest "pki_group_cli_group_del_cleanup_tps: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-del-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh
new file mode 100755
index 000000000..efb30bcd5
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh
@@ -0,0 +1,651 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-find-tps To list groups in TPS.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-group-cli-group-find-tps_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+#### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_group_cli_group_find_tps-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+ rlPhaseStartSetup "pki_group_cli_group_find_tps-startup: Create temporary directory and add groups"
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test_group g$i"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-003: Find 5 groups, --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=5 > $TmpDir/pki-tps-group-find-001.out 2>&1" \
+ 0 \
+ "Found 5 groups"
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-find-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-004: Find no group, --size=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=0 > $TmpDir/pki-tps-group-find-002.out 2>&1" \
+ 0 \
+ "Found no groups"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-005: Find all groups, large value as input"
+ large_num="1000000"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=$large_num"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=$large_num > $TmpDir/pki-tps-group-find-003.out 2>&1" \
+ 0 \
+ "Find all groups, large value as input"
+ result=`cat $TmpDir/pki-tps-group-find-003.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+
+
rlPhaseStartTest "pki_group_cli_group_find_tps-006: Find all groups, --size with maximum possible value as input"
+ randhex=$(openssl rand -hex 2 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=$maximum_check > $TmpDir/pki-tps-group-find-003_2.out 2>&1" \
+ 0 \
+ "Find all groups, maximum possible value as input"
+ result=`cat $TmpDir/pki-tps-group-find-003_2.out | grep "Number of entries returned"`
+ number=`echo $result | cut -d " " -f 5`
+ if [ $number -gt 25 ] ; then
+ rlPass "Number of entries returned is more than 25 as expected"
+ else
+ rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25"
+ fi
+ rlPhaseEnd
+ rlPhaseStartTest "pki_group_cli_group_find_tps-007: Find all groups, --size more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=$maximum_check"
+ errmsg="NumberFormatException: For input string: $maximum_check"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-008: Find groups, check for negative input --size=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=-1"
+
errmsg="size should not have value less than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-009: Find groups for size input as noninteger, --size=abc"
+ size_noninteger="abc"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size=$size_noninteger"
+ errmsg="NumberFormatException: For input string: $size_noninteger"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-010: Find groups, check for no input --size="
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --size="
+ errmsg="NumberFormatException: For input string: \"""\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-011: Find groups, --start=10"
+ #Find the 10th group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find > $TmpDir/pki-tps-group-find-007_1.out 2>&1" \
+ 0 \
+ "Get all groups in TPS"
+ group_entry_10=`cat $TmpDir/pki-tps-group-find-007_1.out | grep "Group ID" | head -11 | tail -1`
+ rlLog "10th entry=$group_entry_10"
+
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=10 > $TmpDir/pki-tps-group-find-007.out 2>&1" \
+ 0 \
+ "Displays groups from the 10th group and the next to the maximum 20 groups, if available "
+ #First group in the response should be the 10th group $group_entry_10
+ group_entry_1=`cat $TmpDir/pki-tps-group-find-007.out | grep "Group ID" | head -1`
+ rlLog "1st entry=$group_entry_1"
+ if [ "$group_entry_1" = "$group_entry_10" ]; then
+ rlPass "Displays groups from the 10th group"
+ else
+ rlFail "Display did not start from the 10th group"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-012: Find groups, --start=10000, large possible input"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=10000 > $TmpDir/pki-tps-group-find-008.out 2>&1" \
+ 0 \
+ "Find users, --start=10000, large possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-008.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-013: Find groups, --start with maximum possible input"
+ randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=$maximum_check"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=$maximum_check > $TmpDir/pki-tps-group-find-008_2.out 2>&1" \
+ 0 \
+ "Find groups, --start with maximum possible input"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-008_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_find_tps-014: Find groups, --start with more than maximum possible input"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-015: Find groups, --start=0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=0 > $TmpDir/pki-tps-group-find-009.out 2>&1" \
+ 0 \
+ "Displays from the zeroth user, maximum possible are 20 users in a page"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-group-find-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-016: Find groups, --start=-1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=-1"
+ errmsg="start should not have value less than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-017: Find groups for size input as noninteger, --start=abc"
+ size_noninteger="abc"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=$size_noninteger"
+ errmsg="NumberFormatException:
For input string: \"$size_noninteger\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-018: Find groups, check for no input --start= "
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start="
+ errmsg="NumberFormatException: For input string: \"""\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-019: Find groups, --size=12 --start=12"
+ #Find 12 groups starting from 12th group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find > $TmpDir/pki-tps-group-find-00_13_1.out 2>&1" \
+ 0 \
+ "Get all groups in TPS"
+ group_entry_12=`cat $TmpDir/pki-tps-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=12 --size=12 > $TmpDir/pki-tps-group-find-0013.out 2>&1" \
+ 0 \
+ "Displays groups from the 12th group and the next to the maximum 12 groups"
+ #First group in the response should be the 12th group $group_entry_12
+ group_entry_1=`cat $TmpDir/pki-tps-group-find-0013.out | grep "Group ID" | head -1`
+ if [ "$group_entry_1" = "$group_entry_12" ]; then
+ rlPass "Displays groups from the 12th group"
+ else
+ rlFail "Display did not start from the 12th group"
+ fi
+ rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tps-group-find-0013.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-020: Find groups, --size=0 --start=12"
+
#Find 12 groups starting from 12th group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find > $TmpDir/pki-tps-group-find-00_14_1.out 2>&1" \
+ 0 \
+ "Get all groups in TPS"
+ group_entry_12=`cat $TmpDir/pki-tps-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1`
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=12 --size=0 > $TmpDir/pki-tps-group-find-0014.out 2>&1" \
+ 0 \
+ "Displays groups from the 12th group and 0 groups"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-0014.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-021: Should not be able to find group using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-022: Should not be able to find groups using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog
"PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-023: Should not be able to find groups using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find-tps-024: Should not be able to find groups using admin user with expired cert TPS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-025: Should not be able to find groups using TPS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message -
Should not be able to find groups using a expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-026: Should not be able to find groups using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid officer cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-027: Should not be able to find groups using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-028: Should not be able to find groups using a cert created from a untrusted CA TPS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find --start=1 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errocode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using TPS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-029: Should not be able to find groups using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD
request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_find_encoded_0029pkcs10.out > $TmpDir/pki_tps_group_find_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tps_group_find_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=1 --size=5"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --start=1 --size=5 > $TmpDir/pki-tps-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-find-pkiUser1-002.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-030: find groups when group id has i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+
-p $TPS_PORT \
+ -t tps \
+ group-add --description='Örjan Äke' 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-tps-group-find-001_31.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=1000"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=1000 > $TmpDir/pki-tps-group-show-001_31_2.out" \
+ 0 \
+ "Find group with max size"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-show-001_31_2.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tps-group-show-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-031: find group when group id has i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Éric Têko' 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_32.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=1000"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find --size=1000 > $TmpDir/pki-tps-group-show-001_32_2.out" \
+ 0 \
+ "Find group with max size"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-show-001_32_2.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tps-group-show-001_32_2.out"
+ rlPhaseEnd
+
+ #pki group-find with filters
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-032: find group - filter 'Administrator'"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find Administrator"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-find Administrator > $TmpDir/pki-tps-group-show-033.out" \
+ 0 \
+ "Find group with Keyword Administrator"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-show-033.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_find_tps-033: find group should fail when filter keyword has less than 3 characters"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-find CA"
+ errmsg="BadRequestException: Filter is too short."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-find should fail if the filter has less than 3 characters"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_group_cleanup-001: Deleting groups"
+ #===Deleting groups created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g$i > $TmpDir/pki-group-del-tps-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tps-group-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n groups created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-group-i18n_2.out"
+
+ #Delete temporary directory
+ #rlRun "popd"
+ #rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-find-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh
new file mode 100755
index 000000000..8a9a58467
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh
@@ -0,0 +1,1119 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-cli-group-membership-add-tps CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-group-cli-group-member-add-tps Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-add-tps.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-add-tps_tests(){
+ rlPhaseStartSetup "pki_group_cli_group_membership-add-tps-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local
TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="TPS Operators"
+ groupid4="Administrators"
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-001: Add users to available groups using valid admin user TPS_adminV"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-add-group-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show u$i > $TmpDir/pki-tps-group-member-add-group-show-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-add-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-add-groupadd-find-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-add-groupadd-find-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-002: Add a user to all available groups using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show userall > $TmpDir/pki-tps-group-member-add-user-show-userall-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "User ID: userall"
"$TmpDir/pki-tps-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-add-groupadd-find-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-add-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-003: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-group-member-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1"
"$TmpDir/pki-tps-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-show user1 > $TmpDir/pki-tps-group-member-add-user-show-user1-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-tps-group-member-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tps-group-member-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" user1"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-004: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-group-member-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$dummy_group\" testuser1"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-005: Should be able to group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=u14 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='u14' u14" \
+ 0 \
+ "Adding uid u14"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-add-groupadd-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+
rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-tps-group-member-add-groupadd-010_2.out" \
+ 0 \
+ "Adding user u14 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-tps-group-member-add-groupadd-010_2.out"
+ rlAssertGrep "User: u14" "$TmpDir/pki-tps-group-member-add-groupadd-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tps-group-member-add-groupadd-find-010_3.out" \
+ 0 \
+ "Check user u14 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u14" "$TmpDir/pki-tps-group-member-add-groupadd-find-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-006: Should not be able to group-member-add using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_group_cli_group_member-add-tps-007: Should not be able to group-member-add using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using an agent with revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-008: Should not be able to group-member-add using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using admin user with expired cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-add-tps-009: Should not be able to group-member-add using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-010: Should not be able to group-member-add using TPS_officerV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_officerV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-011: Should not be able to group-member-add using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-012: Should not be able to group-member-add using TPS_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-013: Should not be able to group-member-add using TPS_agentUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + 
errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_group_cli_group_member-add-tps-014: User associated with Administrators group only can create a new user" + i=2 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding testuser1 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" \ + 0 \ + "Adding user testuser1 to group \"$gid\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" + fi + let i=$i+1 + done + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- 
-f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-cert-add testuser1 --input $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user testuser1" + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT -t tps user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "user-add operation should fail when authenticating using a user cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + + #Add testuser1 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out 2>&1" \ + 0 \ + "Adding user testuser1 to group \"$groupid4\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR 
\ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find $groupid4 > $TmpDir/pki-tps-group-member-add-groupadd-find-usertest1-019_3.out" \ + 0 \ + "Check group-member for user testuser1" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-find-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=test_user us19 > $TmpDir/pki-tps-user-add-019_4.out 2>&1" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-tps-user-add-019_4.out" + rlAssertGrep "User ID: us19" "$TmpDir/pki-tps-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-tps-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-015: Should not be able to group-member-add using TPS_agentV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-add using TPS_agentV cert" + rlPhaseEnd + + #Usability test + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-016: Should not be able to add a non existing user to a group" + user="tuser3" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-add \"$groupid5\" $user" + errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does 
not exist" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-017: Add a group and add a user to the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g1description\" g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g1description\" g1 > $TmpDir/pki-tps-group-member-add-group-add-022.out" \ + 0 \ + "Adding group g1" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tps-group-member-add-group-add-022.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-member-add-group-add-022.out" + rlAssertGrep "Description: g1description" "$TmpDir/pki-tps-group-member-add-group-add-022.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu9\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-tps-group-member-add-user-add-022.out" \ + 0 \ + "Adding user u9" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tps-group-member-add-user-add-022.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-group-member-add-user-add-022.out" + rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-tps-group-member-add-user-add-022.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g1 u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g1 u9 > $TmpDir/pki-tps-group-member-add-groupadd-022.out" \ + 0 \ + "Adding user u9 to group g1" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tps-group-member-add-groupadd-022.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-add-groupadd-022.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g1 > $TmpDir/pki-tps-group-member-add-groupadd-find-022.out" \ + 0 \ + "User added to group g1" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-add-groupadd-find-022.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-018: Add two group and add a user to the two different group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g2description\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g2description\" g2 > $TmpDir/pki-tps-group-member-add-group-add-023.out" \ + 0 \ + "Adding group g2" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tps-group-member-add-group-add-023.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-member-add-group-add-023.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tps-group-member-add-group-add-023.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g3description\" g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ 
+ -p $TPS_PORT \ + -t tps \ + group-add --description=\"g3description\" g3 > $TmpDir/pki-tps-group-member-add-group-add-023_1.out" \ + 0 \ + "Adding group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu10\" u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-tps-group-member-add-user-add-023.out" \ + 0 \ + "Adding user u10" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tps-group-member-add-user-add-023.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-group-member-add-user-add-023.out" + rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-tps-group-member-add-user-add-023.out" + rlLog "Adding the user u10 to group g2" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g2 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g2 u10 > $TmpDir/pki-tps-group-member-add-groupadd-023.out" \ + 0 \ + "Adding user u10 to group g2" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-add-groupadd-023.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-023.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g2 > $TmpDir/pki-tps-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g3 u10 > $TmpDir/pki-tps-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g3 > $TmpDir/pki-tps-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-019: Add a group, add a user to the group and delete the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g4description\" gr4 > $TmpDir/pki-tps-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group 
\"gr4\"" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlAssertGrep "Group ID: gr4" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlAssertGrep "Description: g4description" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + -user-add --fullName=\"fullNameu11\" u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-tps-group-member-add-user-add-024.out" \ + 0 \ + "Adding user u11" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add gr4 u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add gr4 u11 > $TmpDir/pki-tps-group-member-add-groupadd-024.out" \ + 0 \ + "Adding user u11 to group gr4" + rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-tps-group-member-add-groupadd-024.out" + rlAssertGrep "User: u11" "$TmpDir/pki-tps-group-member-add-groupadd-024.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find gr4 > $TmpDir/pki-tps-group-member-add-groupadd-find-024.out" \ + 0 \ + "User added to group gr4" + rlAssertGrep "User: u11" 
"$TmpDir/pki-tps-group-member-add-groupadd-find-024.out" + #Deleting group gr4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del gr4 > $TmpDir/pki-tps-group-member-add-groupdel-024.out" \ + 0 \ + "Deleting group gr4" + rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-tps-group-member-add-groupdel-024.out" + #Checking for user-membership + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-find u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-find u11 > $TmpDir/pki-tps-group-member-add-usermembership-024.out" \ + 0 \ + "Checking for user membership of u11" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-add-usermembership-024.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-020: Add a group, add a user to the group and modify the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g5description\" g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g5description\" g4 > $TmpDir/pki-tps-group-member-add-group-add-025.out" \ + 0 \ + "Adding group g4" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlAssertGrep "Group ID: g4" 
"$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tps-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g4 u12 > $TmpDir/pki-tps-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-tps-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g4 > $TmpDir/pki-tps-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + 
-n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod g4 --decription=\"Modified group\"" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod g4 --description=\"Modified group\" > $TmpDir/pki-tps-group-member-add-groupmod-025.out" \ + 0 \ + "Modifying group g4" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlAssertGrep "Description: Modified group" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-add-tps-021: Add a group, add a user to the group, run user-membership-del on the user and run group-member-find using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g5description\" g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"g6description\" g5 > $TmpDir/pki-tps-group-member-add-group-add-026.out" \ + 0 \ + "Adding group g5" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlAssertGrep "Description: g6description" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST 
\ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-tps-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add g5 u13 > $TmpDir/pki-tps-group-member-add-groupadd-026.out 2>&1" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-tps-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-tps-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g5 > $TmpDir/pki-tps-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-tps-group-member-add-groupadd-find-026.out" + #run user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-membership-del u13 g5 > $TmpDir/pki-tps-group-member-add-user-membership-del-026.out" \ + 0 \ + "user-membership-del on u13" + rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-tps-group-member-add-user-membership-del-026.out" + #find group members + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find g5 > $TmpDir/pki-tps-group-member-add-group-member-find-026.out" \ + 0 \ + "Find member in group g5" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-add-group-member-find-026.out" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_member-add-cleanup-tps-001: Deleting the temp directory and users and groups" + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-user-del-tps-group-member-add-group-del-tps-00$i.out" \ + 0 \ + "Deleting group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-tps-group-member-add-group-del-tps-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userall > 
$TmpDir/pki-group-del-tps-group-member-add-user-del-tps-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-tps-group-member-add-user-del-tps-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user1 > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del us19 > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-u13-001.out" \ + 0 \ + "Deleting user us19" + rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-u13-001.out" + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 2 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del testuser$i > $TmpDir/pki-group-member-add-tps-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-tps-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + 
rlPhaseStartCleanup "pki group-member-add-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh
new file mode 100755
index 000000000..2a8d74636
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh
@@ -0,0 +1,799 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli
+# Description: PKI group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-group-cli-group-member-del-tps.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-group-cli-group-member-del-tps_tests(){
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local
TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+#Available groups group-member-del
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="TPS Operators"
+ groupid4="Administrators"
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-002: Delete group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-del-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-del-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-del-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-del-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-del-groupadd-find-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-del-groupadd-find-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del \"$gid\" u$i > $TmpDir/pki-tps-group-member-del-groupdel-del-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-tps-group-member-del-groupdel-del-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-003: Delete group-member from all the groups that user is associated with"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-del-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+
"Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-del-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Check group members with group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-del-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del \"$gid\" userall > $TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-004: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1"
"$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"Administrators\" user1 > $TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tps-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del user1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-005: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tps-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"Administrators\" user2 > $TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group
member \"user2\"" "$TmpDir/pki-tps-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del Administrators"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-006: Should not be able to group-member-del using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-007: Should not be able to group-member-del using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group-member using a revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-008: Should not be able to group-member-del using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c
$CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert TPS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-009: Should not be able to group-member-del using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using admin user with expired cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-010: Should not be able to group-member-del using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-011: Should not be able to group-member-del using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo
\$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_officerV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-012: Should not be able to group-member-del using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-013: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using TPS_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-014: Should not be able to group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to group-member-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-015: Delete
group-member for user id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='u10' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='u10' 'u10'" \
+ 0 \
+ "Adding uid u10"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-del-groupadd-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"dadministʁasjɔ̃\" 'u10'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-tps-group-member-del-groupadd-017_2.out" \
+ 0 \
+ "Adding user u10 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-del-groupadd-017_2.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-del-groupadd-017_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-tps-group-member-del-017_3.out" \
+ 0 \
+ "Delete group member from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-tps-group-member-del-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tps-group-member-del-groupadd-find-017_4.out" \
+ 0 \
+ "Find group members of group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-del-groupadd-find-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-016: Delete group member when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tps-group-member-del-user-del-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tps-group-member-del-user-del-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-tps-group-member-del-user-del-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tps-group-member-del-user-del-019.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-del \"Administrators\" user123"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-017: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-tps-group-member-del-user-del-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tps-group-member-del-user-del-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tps-group-member-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-tps-group-member-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"Administrators\" u20 > $TmpDir/pki-tps-group-member-add-groupadd-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-tps-group-member-add-groupadd-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find Administrators > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del u20 >
$TmpDir/pki-user-del-tps-group-member-find-user-del-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-find Administrators > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_7.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-018: User deleted from Administrators group cannnot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-group-member-del-user-add-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"Administrators\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local
valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out -t \"u,u,u\""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-cert-add testuser1 --input $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='test_user' u9"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tps-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-del
\"Administrators\" testuser1 > $TmpDir/pki-tps-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-tps-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT -t tps user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-019: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-tps-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-member-add \"group1\" testuser2 > $TmpDir/pki-tps-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-tps-group-member-del-groupadd-022_2.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-tps-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'group1' > $TmpDir/pki-tps-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-tps-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-membership-find testuser2 > $TmpDir/pki-tps-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-tps-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_member-del-tps-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\""
"$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del u$i > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del userall > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del user1 > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del user2 > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del user123 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\""
"$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del testuser1 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser1.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ user-del testuser2 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser2.out"
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-member-del-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh
new file mode 100755
index 000000000..1284e07fa
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh
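Review bot: Test 019 in pki-group-cli-group-member-del-tps.sh redirects the `user-add` output to the fixed path `/tmp/new_user.out`, while every other step in this file writes under the `mktemp -d` directory `$TmpDir`. A predictable name in a world-writable directory can be pre-created or symlinked by another local user, and the suite appears to run with elevated privileges (tests 009 and 010 call `date --set`); the file is also left behind by the final `rm -r $TmpDir`. Keep it in the private directory, e.g. `user-add --fullName='Test User2' testuser2 > $TmpDir/pki-tps-group-member-del-user-add-022_0.out 2>&1" \` (file name is only a suggestion), which also corrects the `2>&1>` ordering that currently sends stderr to the original stdout rather than the file. Separately, the `rlLog` lines echo the complete `pki` command including `-c $CERTDB_DIR_PASSWORD`, so the NSS database password ends up in the test log; logging the command with that argument masked would avoid it.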
@@ -0,0 +1,822 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-cli-group-member-find-tps CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-find-tps Find group members. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-find-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-group-cli-group-member-find-tps_tests(){ + #Local variables + groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="TPS Operators" + groupid4="Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find_tps-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval 
${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +groupid1="TPS Agents" + groupid2="TPS Officers" + groupid3="TPS Operators" + groupid4="Administrators" + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-001: Find tps-group-member when user is added to different groups" + i=1 + while [ $i -lt 5 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-find-user-find-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-find-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-find-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-find-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun 
"pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-find-groupadd-find-00$i.out" \ + 0 \ + "Find group-members with group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-find-groupadd-find-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-002: Find tps-group-member when the same user is added to many groups" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-find-user-find-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 5 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-find-groupadd-find-userall-00$i.out" \ + 0 \ + "Find user membership to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-find-groupadd-find-userall-00$i.out" + + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-003: Find tps-group-member when many users are added to one group" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"Test group\" group1 > $TmpDir/pki-tps-group-member-find-groupadd-006.out" \ + 0 \ + "Adding group group1" + rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tps-group-member-find-groupadd-006.out" + rlAssertGrep "Group ID: group1" "$TmpDir/pki-tps-group-member-find-groupadd-006.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-tps-group-member-find-groupadd-006.out" + while [ $i -lt 15 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" user$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-tps-group-member-find-useradd-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out" + rlAssertGrep "User ID: user$i" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out" + rlLog "Adding user user$i to group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add group1 user$i > $TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" \ + 0 \ + "Adding user user$i" + rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" + rlAssertGrep "User: user$i" "$TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 > $TmpDir/pki-tps-group-member-find-group1-006.out" \ + 0 \ + "Find users added to group \"$gid\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-group-member-find-group1-006.out" + rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tps-group-member-find-group1-006.out" + i=1 + while [ $i -lt 15 ] ; do + rlAssertGrep "User: user$i" "$TmpDir/pki-tps-group-member-find-group1-006.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-004: Find group-member of a user from the 6th position (start=5)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=5 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" \ + 0 \ + "Checking user added to group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user6" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user7" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user8" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user9" 
"$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user10" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user11" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user12" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user13" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "User: user14" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-005: Find all group members of a group (start=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=0 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" \ + 0 \ + "Checking group members of a group " + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-006: Find group members when page start is negative (start=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=-1" + errmsg="--start option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0" + rlLog " FAIL: 
https://fedorahosted.org/pki/ticket/1068" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-007: Find group members when page start greater than available number of groups (start=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=15 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" \ + 0 \ + "Checking group members of a group" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-008: Should not be able to find group members when page start is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-009: Find group member when page size is 0 (size=0)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=0 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" 0 \ + "group_member-find with size parameter as 0" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_member-find-tps-010: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=1 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" 0 \ + "group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-011: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=15 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" 0 \ + "group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-012: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=100 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" 0 \ + "tps-group_member-find with size parameter as 100" + rlAssertGrep "14 entries 
matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-013: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-014: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-015: Find group members with -t option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --size=5 > $TmpDir/pki-tps-group-member-find-018.out" \ + 0 \ + "Find group-member with -t tps 
option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-016: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group1 --start=6 --size=5 > $TmpDir/pki-tps-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-017: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + rlPhaseEnd + + 
rlPhaseStartTest "pki_group_cli_group_member-find-tps-018: Find group members with --start more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-019: Should not be able to group-member-find using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert TPS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-020: Should not be able to group-member-find using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using an agent with revoked cert TPS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-021: Should not be able to group-member-find using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent TPS_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-022: Should not be able to group-member-find using admin user with expired cert TPS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired admin TPS_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-023: Should not be able to group-member-find using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent TPS_agentE user cert" + rlLog "PKI Ticket:: 
https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-024: Should not be able to group-member-find using TPS_officerV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid officer TPS_officerV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-025: Should not be able to group-member-find using TPS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator TPS_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-026: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using TPS_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-027: Should not be able to group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-find 
group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted TPS_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-028:Find group-member for group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u9' u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName='u9' u9" \ + 0 \ + "Adding uid u9" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-add-groupadd-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-tps-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding 
user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tps-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-029: Find group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"Test group\" group2 > $TmpDir/pki-tps-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-tps-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-tps-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-tps-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" 
"$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add group2 userid$i > $TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-find group2 > $TmpDir/pki-tps-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-tps-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member-find-tps-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user 
\"u$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u9 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" \ + 0 \ + "Deleted user u9" + rlAssertGrep "Deleted user \"u9\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del user$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userid$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del userall > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-userall.out" + + + #===Deleting groups created using TPS_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'group1' > 
$TmpDir/pki-user-del-tps-group1.out" \ + 0 \ + "Deleting group group1" + rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-tps-group1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'group2' > $TmpDir/pki-user-del-tps-group2.out" \ + 0 \ + "Deleting group group2" + rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-tps-group2.out" + + + #===Deleting i18n group created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-find-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh new file mode 100755 index 000000000..f4ad7be4f --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh 
@@ -0,0 +1,558 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-member-show-tps Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-group-cli-group-member-show-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-member-show-tps_tests(){ + rlPhaseStartSetup "pki_group_cli_group_member_show_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval 
${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + rlPhaseStartTest "pki_tps_group_member_show-configtest: pki tps-group-member-show configuration test" + rlRun "pki tps-group-member-show --help > $TmpDir/pki_tps_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki tps-group-member-show" + rlAssertGrep "usage: tps-group-member-show \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show TPS groups #### + rlPhaseStartTest "pki_group_cli_group_member_show_tps-001: Add group to TPS using TPS_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p 
$TPS_PORT \ + -t tps \ + group-member-show $group1 u1 > $TmpDir/pki_tps_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_tps_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_tps_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_group_cli_group_member_show_tps-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 U1 > $TmpDir/pki-tps-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-tps-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-tps-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest 
"pki_group_cli_group_member_show_tps-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show TEST_GROUP u1 > $TmpDir/pki-tps-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-tps-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-tps-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-008: Should not be able to show group member using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-009: Should not be able to show group member using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-010: Should not be able to show group members using a valid agent 
TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-011: Should not be able to show group members using admin user with expired cert TPS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-012: Should not be able to show group members using TPS_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: 
https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-013: Should not be able to show group members using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a officer cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show-tps-014: Should not be able to show group members using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-015: Should not be able to show group members using a cert created from a untrusted TPS TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using TPS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-016: Should not be able to show group members using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" 
subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group1 u1 > $TmpDir/pki-tps-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test 'ÖrjanÄke' > 
$TmpDir/pki-tps-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=test u3 > $TmpDir/pki-tps-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-tps-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-tps-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-tps-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-tps-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-018: Add group to TPS using TPS_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group2 u2 > $TmpDir/pki_tps_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_tps_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_tps_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-019: Add group to TPS using TPS_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + 
-t tps \ + user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-member-show $group3 u4 > $TmpDir/pki_tps_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_tps_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_tps_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-member-show group1 
user1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_member_show_tps_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + user-del u$j > $TmpDir/pki-user-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki group-member-show-tps cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} 
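Review bot: Test `pki_group_cli_group_member_show_tps-012` (expired agent cert, `${subsystemId}_agentE_user`) expects `ForbiddenException: Authorization Error`, which is the same result test 010 expects for the valid agent cert, so 012 passes whether or not the server checks certificate expiry. The agent role alone explains the rejection; only the admin variant in 011 exercises expiry, because the valid admin cert is allowed to run `group-member-show` in test 001. I would record that in the test with a comment such as `# agentV is also Forbidden (see -010), so this case alone does not show that expiry is enforced`. Tests 011 and 012 both depend on the later `date --set='2 days ago'` to undo the clock change, and a short comment saying the host clock must not be corrected by a time-sync service in between would help anyone debugging a flaky run.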
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh
new file mode 100755
index 000000000..f24a8b92b
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh
@@ -0,0 +1,557 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-group-cli +# Description: PKI group-mod CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-mod-tps Modify existing groups in the pki tps subsystem. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-mod-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-mod-tps_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV + + #####Create temporary dir to save the output files ##### + rlPhaseStartSetup "pki_group_cli_group_mod_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 
0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +group1=tps_group +group1desc="Test tps group" +group2=abcdefghijklmnopqrstuvwxyx12345678 +group3=abc# +group4=abc$ +group5=abc@ +group6=abc? +group7=0 +group1_mod_description="Test tps agent Modified" +randsym="" +i18ngroup=i18ngroup +i18ngroupdescription="Örjan Äke" +i18ngroup_mod_description="kakskümmend" +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" + + ##### Tests to modify TPS groups #### + rlPhaseStartTest "pki_group_cli_group_mod_tps-002: Modify a group's description in TPS using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" $group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tps-group-mod-002.out" \ + 0 \ + "Modified $group1 description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tps-group-mod-002.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-002.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-002.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_tps-003:--description with characters and numbers" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-tps-group-mod-004.out" \ + 0 \ + "Modified group using TPS_adminV with --description with characters and numbers" + rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-tps-group-mod-004.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-mod-004.out" + rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-group-mod-004.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-004:--description with maximum length and symbols " + randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//') + randsym=$(echo $randsym_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g2" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$randsym\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$randsym\" g2 > $TmpDir/pki-tps-group-mod-005.out" \ + 0 \ + "Modified group using TPS_adminV with maximum --description length and character symbols in it" + actual_group_string=`cat $TmpDir/pki-tps-group-mod-005.out | grep "Description: " | xargs echo` + expected_group_string="Description: $randsym" + rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-tps-group-mod-005.out" + 
rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-mod-005.out" + if [[ $actual_group_string = $expected_group_string ]] ; then + rlPass "$expected_group_string found" + else + rlFail "$expected_group_string not found" + fi + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-005:--description with $ character " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g3" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=$ g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=$ g3 > $TmpDir/pki-tps-group-mod-008.out" \ + 0 \ + "Modified group using TPS_adminV with --description $ character" + rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-tps-group-mod-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-mod-008.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-tps-group-mod-008.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-006: Modify a group to TPS with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test g4" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1desc\" g4" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + 
group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-tps-group-mod-007.out" \ + 0 \ + "Modified group g4 to TPS" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tps-group-mod-007.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-mod-007.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tps-group-mod-007.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_tps-007: Modify a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc'" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-008: Should not be able to modify groups using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1_mod_description' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + rlPhaseStartTest "pki_group_cli_group_mod_tps-009: Should not be able to modify group using an agent or a revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + 
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-010: Should not be able to modify groups using a TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-011: Should not be able to modify group using a TPS_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-012: Should not be able to modify group using a TPS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + 
command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using officer users##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-013: Should not be able to modify group using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an officer cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_group_cli_group_mod_tps-014: Should not be able to modify group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as TPS_operatorV" + rlPhaseEnd + +##### Tests to modify groups using TPS_adminUTCA and TPS_agentUTCA user's certificate will be issued by an untrusted CA users##### + rlPhaseStartTest "pki_group_cli_group_mod_tps-015: Should not be able to modify groups using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d 
$UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_group_cli_group_mod_tps-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group" + rlPhaseEnd + +##### Tests to modify TPS groups with empty parameters #### + + rlPhaseStartTest "pki_group_cli_group_mod_tps-017: Modify a user created group in TPS using TPS_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" g5" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" g5" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" g5 > $TmpDir/pki-tps-group-mod-0017.out" 0 "Group modified successfully with empty description" + rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-tps-group-mod-0017.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-mod-0017.out" + rlPhaseEnd + + +##### Tests to modify TPS groups with the same value #### + + rlPhaseStartTest "pki_group_cli_group_mod_tps-018: Modify a group in TPS using TPS_adminV - description same 
old value" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group1 > $TmpDir/pki-tps-group-mod-041_1.out" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tps-group-mod-041_1.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-041_1.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-041_1.out" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tps-group-mod-041_2.out" \ + 0 \ + "Modifying $group1 with same old description" + rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tps-group-mod-041_2.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-041_2.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-041_2.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify TPS groups having i18n chars in the description #### + +rlPhaseStartTest "pki_group_cli_group_mod_tps-019: Modify a groups's description having i18n chars in TPS using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$i18ngroupdescription\" $i18ngroup" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup" + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-tps-group-mod-043.out" \ + 0 \ + "Modified $i18ngroup description" + rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-tps-group-mod-043.out" + rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-tps-group-mod-043.out" + rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-tps-group-mod-043.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818" + rlPhaseEnd + +##### Tests to modify system generated TPS groups #### + rlPhaseStartTest "pki_group_cli_group_mod_tps-021: Modify Administrator group's description in TPS using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show Administrators > $TmpDir/pki-tps-group-mod-group-show-022.out" + admin_group_desc=$(cat $TmpDir/pki-tps-group-mod-group-show-022.out| grep Description | cut -d- -f2) + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" Administrators" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-tps-group-mod-022.out" \ + 0 \ + "Modified Administrators group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tps-group-mod-022.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-mod-022.out" + rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-022.out" + #Restoring the original description of Administrators group + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_mod_tps-022: Modify Administrators group in TPS using TPS_adminV - description is empty" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show Administrators > $TmpDir/pki-tps-group-mod-group-show-023.out" + admin_group_desc=$(cat $TmpDir/pki-tps-group-mod-group-show-023.out| grep Description | cut -d- -f2) + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" Administrators" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-mod --description=\"\" Administrators > $TmpDir/pki-tps-group-mod-023.out" 0 "Successfully modified Administrator group description" + rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tps-group-mod-023.out" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-mod-023.out" + #Restoring the original description of Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-mod --description=\"$admin_group_desc\" Administrators" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/833" + rlPhaseEnd + + +#===Deleting groups===# +rlPhaseStartTest "pki_group_cli_group_cleanup_tps: Deleting role groups" + + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g$i > $TmpDir/pki-group-del-tps-group-00$i.out" \ + 0 \ + "Deleted 
group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tps-group-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del $i18ngroup > $TmpDir/pki-group-del-tps-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-tps-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-mod-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh
new file mode 100755
index 000000000..894ebf034
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh
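Review bot: In pki-group-cli-group-mod-tps.sh, `get_topo_stack $MYROLE $TmpDir/topo_file` at the top of `run_pki-group-cli-group-mod-tps_tests` reads `$TmpDir` before this function has created it; the `mktemp -d` setup phase only runs later, inside the `tps_instance_created` branch. The path therefore depends on whatever value an earlier test function left behind (or resolves to `/topo_file` if the variable is unset), and the `else` branch then runs `popd` and `rm -r $TmpDir` against a directory-stack entry and a directory this function never set up. Move the setup phase ahead of `get_topo_stack`, as the group-show-tps script in this commit does, and quote the operand: `rlRun "rm -r \"$TmpDir\"" 0 "Removing tmp directory"`. Separately, the Administrators restore in tests 021 and 022 captures the old value with `cut -d- -f2` while the surrounding assertions match `Description: <value>`; if that line holds no `-`, cut returns it whole and the restore writes the label back into the description of a system group, so `cut -d: -f2-` looks like what was intended.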
@@ -0,0 +1,732 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-group-cli +# Description: PKI group-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-group-cli-group-show-tps Show groups +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create-role-users.sh should be first executed prior to pki-group-cli-group-show-tps.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-group-cli-group-show-tps_tests(){ + +rlPhaseStartSetup "pki_group_cli_group_show_tps-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval 
${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + #local variables + group1=test_group + group1desc="Test Group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + + ##### Tests to show TPS groups #### + rlPhaseStartTest "pki_group_cli_group_show_tps-001: Add group to TPS using TPS_adminV and show group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TPS_adminV" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group1 > $TmpDir/pki-tps-group-show-001.out" \ + 0 \ + "Show group $group1" + rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tps-group-show-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-002: maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group2" \ + 0 \ + "Add group $group2 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group2 > 
$TmpDir/pki-tps-group-show-001_1.out" \ + 0 \ + "Show $group2 group" + rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-tps-group-show-001_1.out" + actual_groupid_string=`cat $TmpDir/pki-tps-group-show-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_1.out" + + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-003: Group id with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group3" \ + 0 \ + "Add group $group3 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group3 > $TmpDir/pki-tps-group-show-001_2.out" \ + 0 \ + "Show $group3 group" + rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-tps-group-show-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tps-group-show-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_group_cli_group_show_tps-004: Group id with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-add --description=test $group4" \ + 0 \ + "Add group $group4 using TPS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-show $group4 > $TmpDir/pki-tps-group-show-001_3.out" \ + 0 \ + "Show $group4 group" + rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-tps-group-show-001_3.out" + rlAssertGrep "Group ID: 
abc\\$" "$TmpDir/pki-tps-group-show-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show $group5 > $TmpDir/pki-tps-group-show-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-tps-group-show-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tps-group-show-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-006: Group id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group6" \
+ 0 \
+ "Add $group6 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show $group6 > $TmpDir/pki-tps-group-show-001_5.out" \
+ 0 \
+ "Show $group6 group"
+ rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-tps-group-show-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tps-group-show-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-007: Group id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test $group7" \
+ 0 \
+ 
"Add group $group7 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show $group7 > $TmpDir/pki-tps-group-show-001_6.out" \
+ 0 \
+ "Show group $group7"
+ rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-tps-group-show-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tps-group-show-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-008: --description with maximum length"
+ desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='$desc' g1" \
+ 0 \
+ "Added group using TPS_adminV with maximum --description length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g1 > $TmpDir/pki-tps-group-show-001_7.out" \
+ 0 \
+ "Show group g1"
+ rlAssertGrep "Group \"g1\"" "$TmpDir/pki-tps-group-show-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-show-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-tps-group-show-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-009: --description with maximum length and symbols"
+ desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ desc=$(echo $desc_b64 | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description='$desc' g2" 
\
+ 0 \
+ "Added group using TPS_adminV with maximum --description length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g2 > $TmpDir/pki-tps-group-show-001_8.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tps-group-show-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-show-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-tps-group-show-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-010: --description with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=# g3" \
+ 0 \
+ "Add group g3 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g3 > $TmpDir/pki-tps-group-show-001_9.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-001_9.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-001_9.out"
+ rlAssertGrep "Description: #" "$TmpDir/pki-tps-group-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-011: --description with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=* g4" \
+ 0 \
+ "Add group g4 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p 
$TPS_PORT \
+ -t tps \
+ group-show g4 > $TmpDir/pki-tps-group-show-001_10.out" \
+ 0 \
+ "Show group g4 using TPS_adminV"
+ rlAssertGrep "Group \"g4\"" "$TmpDir/pki-tps-group-show-001_10.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-show-001_10.out"
+ rlAssertGrep "Description: *" "$TmpDir/pki-tps-group-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-012: --description with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=$ g5" \
+ 0 \
+ "Add group g5 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g5 > $TmpDir/pki-tps-group-show-001_11.out" \
+ 0 \
+ "Show group g5 using TPS_adminV"
+ rlAssertGrep "Group \"g5\"" "$TmpDir/pki-tps-group-show-001_11.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-show-001_11.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-tps-group-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-013: --description as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=0 g6" \
+ 0 \
+ "Add group g6 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g6 > $TmpDir/pki-tps-group-show-001_12.out" \
+ 0 \
+ "Show group g6 using TPS_adminV"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tps-group-show-001_12.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-tps-group-show-001_12.out"
+ rlAssertGrep "Description: 0" "$TmpDir/pki-tps-group-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-014: Show 
group with -t tps option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test g7" \
+ 0 \
+ "Adding group g7 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g7 > $TmpDir/pki-tps-group-show-001_32.out" \
+ 0 \
+ "Show group g7 using TPS_adminV"
+ rlAssertGrep "Group \"g7\"" "$TmpDir/pki-tps-group-show-001_32.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-show-001_32.out"
+ rlAssertGrep "Description: $test" "$TmpDir/pki-tps-group-show-001_32.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_group_cli_group_show_tps-015: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show"
+ errmsg="Error: No Group ID specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-016: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show G7 > $TmpDir/pki-tps-group-show-001_35.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group \"G7\"" "$TmpDir/pki-tps-group-show-001_35.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-show-001_35.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-017: Should not be able to show group using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-018: Should not be able to show group using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-019: Should not be able to show group using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-020: Should not be able to show group using admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-021: Should not be able to show group using TPS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to 
the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-022: Should not be able to show group using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a officer cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-023: Should not be able to show group using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-024: Should not be able to show group using a cert created from a untrusted CA TPS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using TPS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-025: Should not be able to show group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
+ 
organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_show_encoded_0025pkcs10.out > $TmpDir/pki_tps_group_show_encoded_0025pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tps_group_show_encoded_0025pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g7"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser2 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show g7 > $TmpDir/pki-tps-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert"
+
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-show-pkiUser1-0025.out"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-026: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT -t tps group-show '$group_length_exceed_max'"
+ 
errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using TPS_adminV with group id length exceed maximum defined in ldap schema should fail"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-027: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-show-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show 'ÖrjanÄke' > $TmpDir/pki-tps-group-show-001_56_2.out" \
+ 0 \
+ "Show group 'ÖrjanÄke'"
+ rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-show-001_56_2.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_show_tps-028: groupid with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-add --description=test 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c 
$CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-show 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_57_2.out" \
+ 0 \
+ "Show group 'ÉricTêko'"
+ rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-tps-group-show-001_57_2.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-show-001_57_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_group_cli_group_cleanup_tps: Deleting the temp directory and groups"
+
+ #===Deleting groups created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del g$i > $TmpDir/pki-tps-group-del-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using TPS_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-group-i18n_2.out" \
+ 0 \
+ "Deleted 
group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-show-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-add.sh
new file mode 100755
index 000000000..0ce08a662
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-add.sh 
@@ -0,0 +1,604 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli
+# Description: PKI ocsp-group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-group-cli-ocsp-group-add Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh
+
+########################################################################
+#create-role-users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-add.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-ocsp-group-cli-ocsp-group-add_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+
+ #### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_add-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+ OCSP_HOST=$(eval echo \$${MYROLE})
+ OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+ CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+ eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+ eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+ eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+ eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+ eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+ eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+ eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+ eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+ eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+
+ local 
TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PASSWD="redhat123"
+
+ #### pki ocsp-group configuration test ####
+
+ rlPhaseStartTest "pki_ocsp_group_cli-configtest: pki ocsp-group --help configuration test"
+ rlRun "pki ocsp-group --help > $TmpDir/pki_ocsp_group_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-group --help"
+ rlAssertGrep "ocsp-group-find Find groups" "$TmpDir/pki_ocsp_group_cfg.out"
+ rlAssertGrep "ocsp-group-show Show group" "$TmpDir/pki_ocsp_group_cfg.out"
+ rlAssertGrep "ocsp-group-add Add group" "$TmpDir/pki_ocsp_group_cfg.out"
+ rlAssertGrep "ocsp-group-mod Modify group" "$TmpDir/pki_ocsp_group_cfg.out"
+ rlAssertGrep "ocsp-group-del Remove group" "$TmpDir/pki_ocsp_group_cfg.out"
+ rlAssertGrep "ocsp-group-member Group member management commands" "$TmpDir/pki_ocsp_group_cfg.out"
+ rlAssertNotGrep "Error: Invalid module \"ocsp-group---help\"." "$TmpDir/pki_ocsp_group_cfg.out"
+ rlPhaseEnd
+
+ #### pki ocsp-group-add configuration test ####
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-configtest: pki ocsp-group-add configuration test"
+ rlRun "pki ocsp-group-add --help > $TmpDir/pki_ocsp_group_add_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-group-add --help"
+ rlAssertGrep "usage: ocsp-group-add \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_add_cfg.out"
+ rlAssertGrep "\--description Description" "$TmpDir/pki_ocsp_group_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_add_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to add OCSP groups using a user of admin group with a valid cert####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-001: Add a group to OCSP using OCSP_adminV"
+ group1=new_group1
+ group_desc1="New Group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$group_desc1\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \ 
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$group_desc1\" $group1 > $TmpDir/pki-ocsp-group-add-001.out" \
+ 0 \
+ "Add group $group1 to OCSP"
+ rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-ocsp-group-add-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-add-001.out"
+ rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-ocsp-group-add-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-002:maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-ocsp-group-add-001_1.out" \
+ 0 \
+ "Added group using OCSP_adminV with maximum group id length"
+ actual_groupid_string=`cat $TmpDir/pki-ocsp-group-add-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: Test Group" "$TmpDir/pki-ocsp-group-add-001_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-003:Group id with # character"
+ group3=abc#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description test $group3 > $TmpDir/pki-ocsp-group-add-001_2.out" \
+ 0 \
+ "Added group using OCSP_adminV, group id with # character"
+ rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-ocsp-group-add-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-ocsp-group-add-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-004:Group id with $ character"
+ group4=abc$ 
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group4 > $TmpDir/pki-ocsp-group-add-001_3.out" \
+ 0 \
+ "Added group using OCSP_adminV, group id with $ character"
+ rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-ocsp-group-add-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-ocsp-group-add-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-005:Group id with @ character"
+ group5=abc@
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group5 > $TmpDir/pki-ocsp-group-add-001_4.out " \
+ 0 \
+ "Added group using OCSP_adminV, group id with @ character"
+ rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-ocsp-group-add-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-ocsp-group-add-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-006:Group id with ? character"
+ group6=abc?
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group6 > $TmpDir/pki-ocsp-group-add-001_5.out " \
+ 0 \
+ "Added group using OCSP_adminV, group id with ? 
character"
+ rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-ocsp-group-add-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-ocsp-group-add-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-007:Group id as 0"
+ group7=0
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group7 > $TmpDir/pki-ocsp-group-add-001_6.out " \
+ 0 \
+ "Added group using OCSP_adminV, group id 0"
+ rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-ocsp-group-add-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-ocsp-group-add-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-add-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-008:--description with maximum length"
+ groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-ocsp-group-add-001_7.out" \
+ 0 \
+ "Added group using OCSP_adminV with maximum --description length"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-ocsp-group-add-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-add-001_7.out"
+ rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-ocsp-group-add-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-ocsp-group-add-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $groupdesc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $groupdesc found"
+ else
+ rlFail "Description: $groupdesc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-009:--desccription with maximum length and symbols"
+ 
rand_groupdesc=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description='$groupdesc' g2 > $TmpDir/pki-ocsp-group-add-001_8.out" \ + 0 \ + "Added group using OCSP_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-ocsp-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-ocsp-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-010: Add a duplicate group to CA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-011: Add a group to OCSP with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-add --description=\"$desc\" g3 > $TmpDir/pki-ocsp-group-add-0011.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-ocsp-group-add-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-add-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-ocsp-group-add-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add g7 > $TmpDir/pki-ocsp-group-add-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-ocsp-group-add-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-ocsp-group-add-0013.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-014: Should not be able to add group using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-015: Should not be able to add group using a agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-016: Should not be able to add group using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert OCSP_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-017: Should not be able to add group using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-018: Should not be able to add group using OCSP_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert OCSP_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using audit users#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-019: Should not be able to add group using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert OCSP_auditorV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-020: Should not be able to add group using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using OCSP_operatorV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using OCSP_adminUTCA and OCSP_agentUTCA user's certificate will be issued by an untrusted CA user#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-021: Should not be able to add group using a cert created from a untrusted CA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using OCSP_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-023: description with i18n characters"
+ rlLog "ocsp-group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Örjan Äke' g4 > $TmpDir/pki-ocsp-group-add-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-ocsp-group-add-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-add-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-ocsp-group-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-024: description with i18n characters"
+ rlLog "ocsp-group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Éric Têko' g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Éric Têko' g5 > $TmpDir/pki-ocsp-group-add-001_52.out 2>&1" \
+ 0 \
+ "Adding g5 with description Éric Têko"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-ocsp-group-add-001_52.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-add-001_52.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-ocsp-group-add-001_52.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-025: description with i18n characters"
+ rlLog "ocsp-group-add description éénentwintig dvidešimt with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='éénentwintig dvidešimt' g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-ocsp-group-add-001_53.out 2>&1" \
+ 0 \
+ "Adding description éénentwintig dvidešimt with i18n characters"
+ rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-ocsp-group-add-001_53.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-ocsp-group-add-001_53.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-ocsp-group-add-001_53.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g6"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g6 > $TmpDir/pki-ocsp-group-add-001_53_2.out 2>&1" \
+ 0 \
+ "Show group g6 with description éénentwintig dvidešimt in i18n characters"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-ocsp-group-add-001_53_2.out"
+ rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-ocsp-group-add-001_53_2.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-026: group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-add-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-ocsp-group-add-001_56.out"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ocsp-group-add-001_56.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_add-027: groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test 'ÉricTêko' > $TmpDir/pki-ocsp-group-add-001_57.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-ocsp-group-add-001_57.out"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ocsp-group-add-001_57.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_cleanup: Deleting groups"
+
+ #===Deleting groups created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 8 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del g$i > $TmpDir/pki-ocsp-group-del-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-ocsp-group-del-group-00$i.out"
+ let i=$i+1
+ done
+ #===Deleting groups(symbols) created using OCSP_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del '$grp' > $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ actual_delete_group_string=`cat $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo`
+ expected_delete_group_string="Deleted group $grp"
+ if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then
+ rlPass "Deleted group \"$grp\" found in $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out"
+ else
+ rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-ocsp-group-del-group-symbol-00$j.out"
+ fi
+ let j=$j+1
+ done
+ #===Deleting i18n groups created using CA_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-del-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-ocsp-group-del-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'ÉricTêko' > $TmpDir/pki-ocsp-group-del-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-ocsp-group-del-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-add cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-del.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-del.sh
new file mode 100755
index 000000000..b8d893223
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-del.sh
@@ -0,0 +1,634 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli
+# Description: PKI ocsp-group-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-group-cli-ocsp-group-del Delete pki subsystem groups.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-ocsp-group-cli-ocsp-group-del_tests(){
+
+ rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_del-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-configtest-001: pki ocsp-group-del --help configuration test"
+ rlRun "pki ocsp-group-del --help > $TmpDir/ocsp_group_del.out 2>&1" 0 "pki ocsp-group-del --help"
+ rlAssertGrep "usage: ocsp-group-del " "$TmpDir/ocsp_group_del.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/ocsp_group_del.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-configtest-002: pki ocsp-group-del configuration test"
+ rlRun "pki ocsp-group-del > $TmpDir/ocsp_group_del_2.out 2>&1" 255 "pki ocsp-group-del"
+ rlAssertGrep "usage: ocsp-group-del " "$TmpDir/ocsp_group_del_2.out"
+ rlAssertGrep " --help Show help options" "$TmpDir/ocsp_group_del_2.out"
+ rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/ocsp_group_del_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-003: Delete valid groups"
+ group1=ocsp_group
+ group1desc="Test group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+ #positive test cases
+ #Add groups to OCSP using OCSP_adminV cert
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test_group g$i"
+ let i=$i+1
+ done
+
+ #===Deleting groups created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del g$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del g$i > $TmpDir/pki-ocsp-group-del-group1-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-ocsp-group-del-group1-00$i.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g$i"
+ errmsg="GroupNotFoundException: Group g$i not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist"
+ let i=$i+1
+ done
+ #Add groups to OCSP using OCSP_adminV cert
+ i=1
+ while [ $i -lt 8 ] ; do
+ eval grp=\$group$i
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test_group $grp"
+ let i=$i+1
+ done
+
+ #===Deleting groups(symbols) created using OCSP_adminV cert===#
+ j=1
+ while [ $j -lt 8 ] ; do
+ eval grp=\$group$j
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del $grp "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del $grp > $TmpDir/pki-ocsp-group-del-group2-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-ocsp-group-del-group2-00$j.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show $grp"
+ errmsg="GroupNotFoundException: Group $grp not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist"
+ let j=$j+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-004: Case sensitive groupid"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test_group group_abc"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del GROUP_ABC > $TmpDir/pki-ocsp-group-del-group-002_1.out" \
+ 0 \
+ "Deleted group GROUP_ABC groupid is not case sensitive"
+ rlAssertGrep "Deleted group \"GROUP_ABC\"" "$TmpDir/pki-ocsp-group-del-group-002_1.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show group_abc"
+ errmsg="GroupNotFoundException: Group group_abc not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-005: Delete group when required option group id is missing"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-006: Maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test \"$group2\" > $TmpDir/pki-ocsp-group-add-001_1.out" \
+ 0 \
+ "Added group using OCSP_adminV with maximum group id length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del \"$group2\" > $TmpDir/pki-ocsp-group-del-group-006.out" \
+ 0 \
+ "Deleting group with maximum group id length using OCSP_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-ocsp-group-del-group-006.out | grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group \"$group2\" found"
+ else
+ rlFail "Deleted group \"$group2\" not found"
+ fi
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show \"$group2\""
+ errmsg="GroupNotFoundException: Group \"$group2\" not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-007: groupid with maximum length and symbols"
+ rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ groupid=$(echo $rand_groupid | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test '$groupid' > $TmpDir/pki-ocsp-group-add-001_8.out" \
+ 0 \
+ "Added group using OCSP_adminV with maximum groupid length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del '$groupid' > $TmpDir/pki-ocsp-group-del-group-007.out" \
+ 0 \
+ "Deleting group with maximum group id length and character symbols using OCSP_adminV"
+ actual_groupid_string=`cat $TmpDir/pki-ocsp-group-del-group-007.out| grep 'Deleted group' | xargs echo`
+ expected_groupid_string="Deleted group $groupid"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Deleted group $groupid found"
+ else
+ rlFail "Deleted group $groupid not found"
+ fi
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show '$groupid' > $TmpDir/pki-ocsp-group-del-group-007_2.out 2>&1" \
+ 255 \
+ "Verify expected error message - deleted group with max length and character symbols should not exist"
+ actual_error_string=`cat $TmpDir/pki-ocsp-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo`
+ expected_error_string="GroupNotFoundException: Group $groupid not found"
+ if [[ $actual_error_string = $expected_error_string ]] ; then
+ rlPass "GroupNotFoundException: Group $groupid not found message found"
+ else
+ rlFail "GroupNotFoundException: Group $groupid not found message not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-008: Delete group from OCSP with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-add --description=\"g1description\" g1 > $TmpDir/pki-ocsp-group-add-009.out" \
+ 0 \
+ "Add group g1 to OCSP"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ group-del g1 > $TmpDir/pki-ocsp-group-del-group-009.out" \
+ 0 \
+ "Deleting group g1 using -t ocsp option"
+ rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-ocsp-group-del-group-009.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g1"
+ errmsg="GroupNotFoundException: Group g1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-009: Should not be able to delete group using a revoked cert OCSP_adminR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-ocsp-010.out" \
+ 0 \
+ "Add group g2 to OCSP"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g2 > $TmpDir/pki-ocsp-group-show-001.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-010: Should not be able to delete group using a agent with revoked cert OCSP_agentR"
+ #Add a group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-ocsp-010.out" \
+ 0 \
+ "Add group g3 to OCSP"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g3 > $TmpDir/pki-ocsp-group-show-002.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-ocsp-group-show-002.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-show-002.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-ocsp-group-show-002.out"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-011: Should not be able to delete group using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g3 > $TmpDir/pki-ocsp-group-show-003.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-ocsp-group-show-003.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-show-003.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-ocsp-group-show-003.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-012: Should not be able to delete group using a admin user with expired cert OCSP_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert"
+ #Set datetime back on original
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/934"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-004.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-004.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-004.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-013: Should not be able to delete a group using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert"
+
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='-2 days'" 0 "Set System back to the present day"
+ #Make sure group is not deleted
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-005.out" \
+ 0 \
+ "Show group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-005.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-005.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-005.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-014: Should not be able to delete group using a OCSP_auditV"
+ command="pki -d 
$CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-006.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-015: Should not be able to delete group using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-016: Should not be able to delete group using a cert created from a untrusted OCSP OCSP_adminUTCA" + 
command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-017: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.out > 
$TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ocsp_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del g3 > $TmpDir/pki-ocsp-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g3 > $TmpDir/pki-group-show-ocsp-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-ocsp-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-ocsp-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-ocsp-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del g3 > $TmpDir/pki-group-del-ocsp-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-018: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-ocsp-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-ocsp-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" 
"$TmpDir/pki-group-add-ocsp-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del-019: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-ocsp-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-ocsp-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ocsp-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show 'ÉricTêko' > $TmpDir/pki-group-add-ocsp-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-ocsp-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-ocsp-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÉricTêko' > $TmpDir/pki-group-del-ocsp-001_20_3.out 2>&1" \ + 0 \ + "Delete gid ÉricTêko with i18n characters" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ocsp-001_20_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show 'ÉricTêko'" + errmsg="GroupNotFoundException: Group ÉricTêko not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_del_cleanup-004: Deleting the temp directory" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ocsp-group-del cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-find.sh new file mode 100755 index 000000000..43cf984c6 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-find.sh 
@@ -0,0 +1,656 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli +# Description: PKI ocsp-group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-ocsp-group-cli-ocsp-group-find To list groups in OCSP. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-ocsp-group-cli-ocsp-group-find_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 + +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_find-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_find-startup: add groups" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-configtest-001: pki ocsp-group-find --help configuration test" + rlRun "pki ocsp-group-find --help > $TmpDir/ocsp_group_find.out 2>&1" 0 "pki ocsp-group-find --help" + rlAssertGrep "usage: ocsp-group-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/ocsp_group_find.out" + rlAssertGrep "\--size Page size" "$TmpDir/ocsp_group_find.out" + rlAssertGrep "\--start Page start" "$TmpDir/ocsp_group_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/ocsp_group_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-configtest-002: pki ocsp-group-find configuration test" + command="pki ocsp-group-find" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-group-find" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --size=5 > $TmpDir/pki-ocsp-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --size=0 > $TmpDir/pki-ocsp-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_group_cli_ocsp_group_find-005: Find all groups, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --size=$large_num > $TmpDir/pki-ocsp-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-ocsp-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + rlLog "$randhex" + randhex_covup=${randhex^^} + rlLog "$randhex_covup" + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + #maximum_check=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog "$maximum_check" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --size=$maximum_check > $TmpDir/pki-ocsp-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-ocsp-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-007: Find all 
groups, --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + 
errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find > $TmpDir/pki-ocsp-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in OCSP" + group_entry_10=`cat $TmpDir/pki-ocsp-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=10 > $TmpDir/pki-ocsp-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-ocsp-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=10000 > $TmpDir/pki-ocsp-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + 
rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=$maximum_check > $TmpDir/pki-ocsp-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=0 > $TmpDir/pki-ocsp-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a 
page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find > $TmpDir/pki-ocsp-group-find-00_13_1.out 
2>&1" \ + 0 \ + "Get all groups in OCSP" + group_entry_12=`cat $TmpDir/pki-ocsp-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=12 --size=12 > $TmpDir/pki-ocsp-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-ocsp-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-ocsp-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find > $TmpDir/pki-ocsp-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in OCSP" + group_entry_12=`cat $TmpDir/pki-ocsp-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-find --start=12 --size=0 > $TmpDir/pki-ocsp-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-021: Should not be able to find group using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p 
$OCSP_PORT ocsp-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-022: Should not be able to find groups using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-023: Should not be able to find groups using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-024: Should not be able to find groups using admin user with expired cert OCSP_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p 
$OCSP_PORT ocsp-group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-025: Should not be able to find groups using OCSP_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-026: Should not be able to find groups using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-027: Should not be able to find groups using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT
ocsp-group-find --start=1 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-028: Should not be able to find groups using a cert created from a untrusted OCSP OCSP_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find --start=1 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errocode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using OCSP_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-029: Should not be able to find groups using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.out >
$TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ocsp_group_find_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find --start=1 --size=5"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find --start=1 --size=5 > $TmpDir/pki-ocsp-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-find-pkiUser1-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-030: find groups when group id has i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Örjan Äke' 'ÖrjanÄke'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-find-001_31.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find --size=1000"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find --size=1000 > $TmpDir/pki-ocsp-group-show-001_31_2.out" \
+ 0 \
+ "Find group with max size"
+ rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ocsp-group-show-001_31_2.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-ocsp-group-show-001_31_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-031: find group when group id has i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Éric Têko' 'ÉricTêko'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-ocsp-group-show-001_32.out 2>&1" \
+ 0 \
+ "Adding group id ÉricTêko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find --size=1000"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find --size=1000 > $TmpDir/pki-ocsp-group-show-001_32_2.out" \
+ 0 \
+ "Find group with max size"
+ rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ocsp-group-show-001_32_2.out"
+ rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-ocsp-group-show-001_32_2.out"
+ rlPhaseEnd
+
+ #pki group-find with filters
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-032: find group - filter 'Administrator'"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find Administrator"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find Administrator > $TmpDir/pki-ocsp-group-show-033.out" \
+ 0 \
+ "Find group with Keyword Administrator"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-ocsp-group-show-033.out"
+ rlAssertGrep "Group ID: Security Domain Administrators" "$TmpDir/pki-ocsp-group-show-033.out"
+ rlAssertGrep "Group ID: Enterprise OCSP
Administrators" "$TmpDir/pki-ocsp-group-show-033.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-033: find group - filter 'OCSP'"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find OCSP"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-find OCSP > $TmpDir/pki-ocsp-group-show-034.out" \
+ 0 \
+ "Find group with Keyword OCSP"
+ rlAssertGrep "Group ID: Enterprise OCSP Administrators" "$TmpDir/pki-ocsp-group-show-034.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_find-034: find group should fail when filter keyword has less than 3 characters"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-find CA"
+ errmsg="BadRequestException: Filter is too short."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki ocsp-group-find should fail if the filter has less than 3 characters"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_group_cleanup-001: Deleting groups"
+ #===Deleting groups created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del g$i > $TmpDir/pki-group-del-ocsp-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ocsp-group-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n groups created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'ÉricTêko' > $TmpDir/pki-group-del-ocsp-group-i18n_2.out" \
+ 0 \
+ "Deleted group ÉricTêko"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ocsp-group-i18n_2.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-find cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-add.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-add.sh
new file mode 100755
index 000000000..0ce6c35d4
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-add.sh
@@ -0,0 +1,1058 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli
+# Description: PKI ocsp-group-cli-ocsp-group-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-group-cli-ocsp-group-member-add Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-member-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-ocsp-group-cli-ocsp-group-member-add_tests(){
+
+ rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_membership-add-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local
TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+#Local variables
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-002: pki ocsp-group-member configuration test"
+ rlRun "pki ocsp-group-member > $TmpDir/pki_ocsp_group_member_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-group-member"
+ rlAssertGrep "Commands:" "$TmpDir/pki_ocsp_group_member_cfg.out"
+ rlAssertGrep "ocsp-group-member-find Find group members" "$TmpDir/pki_ocsp_group_member_cfg.out"
+ rlAssertGrep "ocsp-group-member-add Add group member" "$TmpDir/pki_ocsp_group_member_cfg.out"
+ rlAssertGrep "ocsp-group-member-del Remove group member" "$TmpDir/pki_ocsp_group_member_cfg.out"
+ rlAssertGrep "ocsp-group-member-show Show group member" "$TmpDir/pki_ocsp_group_member_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-003: pki ocsp-group-member-add --help configuration test"
+ rlRun "pki ocsp-group-member-add --help > $TmpDir/pki_ocsp_group_member_add_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-group-member-add --help"
+ rlAssertGrep "usage: ocsp-group-member-add \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-004: pki ocsp-group-member-add configuration test"
+ rlRun "pki ocsp-group-member-add > $TmpDir/pki_ocsp_group_member_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki ocsp-group-member-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified."
"$TmpDir/pki_ocsp_group_member_add_2_cfg.out"
+ rlAssertGrep "usage: ocsp-group-member-add \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-005: Add users to available groups using valid admin user OCSP_adminV"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-group-member-add-group-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-group-member-add-group-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-add-group-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-add-group-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show u$i > $TmpDir/pki-ocsp-group-member-add-group-show-00$i.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-ocsp-group-member-add-group-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-add-group-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-add-group-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-add-groupadd-find-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-006: Add a user to all available groups using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show userall > $TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "User ID:
userall" "$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-add-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" userall > $TmpDir/pki-ocsp-group-member-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-add-groupadd-find-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1"
"$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-group-member-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-show user1 > $TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out" \
+ 0 \
+ "Show pki OCSP_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-group-member-add-user-show-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"Administrators\" user1 > $TmpDir/pki-ocsp-group-member-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" user1"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-ocsp-group-member-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"$dummy_group\" testuser1"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-009: Should be able to ocsp-group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=u14 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName='u14' u14" \
+ 0 \
+ "Adding uid u14"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+
rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-ocsp-group-member-add-groupadd-010_2.out" \
+ 0 \
+ "Adding user u14 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_2.out"
+ rlAssertGrep "User: u14" "$TmpDir/pki-ocsp-group-member-add-groupadd-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-group-member-add-groupadd-find-010_3.out" \
+ 0 \
+ "Check user u14 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u14" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-010: Should not be able to ocsp-group-member-add using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_ocsp_group_cli_ocsp_group_member-add-011: Should not be able to ocsp-group-member-add using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using an agent with revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-012: Should not be able to ocsp-group-member-add using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using admin user with expired cert OCSP_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-013: Should not be able to ocsp-group-member-add using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be
able to ocsp-group-member-add using OCSP_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-014: Should not be able to ocsp-group-member-add using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using OCSP_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-015: Should not be able to ocsp-group-member-add using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using OCSP_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-016: Should not be able to ocsp-group-member-add using OCSP_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using OCSP_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-017: Should not be able to ocsp-group-member-add using OCSP_agentUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c
$UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using OCSP_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-018: User associated with Administrators group only can create a new user"
+ i=2
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding testuser1 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" testuser1 > $TmpDir/pki-ocsp-group-member-add-groupadd-testuser1-00$i.out" \
+ 0 \
+ "Adding user testuser1 to group \"$gid\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-testuser1-00$i.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-ocsp-group-member-add-groupadd-testuser1-00$i.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber
| cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-cert-add testuser1 --input $TmpDir/pki_ocsp_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "ocsp-user-add operation should fail when authenticating using a user cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+
+ #Add testuser1 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-ocsp-group-member-add-groupadd-usertest1-019_2.out 2>&1" \
+ 0 \
+ "Adding user testuser1 to group \"$groupid4\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-usertest1-019_2.out"
+ rlAssertGrep "User: testuser1"
"$TmpDir/pki-ocsp-group-member-add-groupadd-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find $groupid4 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-usertest1-019_3.out" \ + 0 \ + "Check group-member for user testuser1" + rlAssertGrep "User: testuser1" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=test_user us19 > $TmpDir/pki-ocsp-user-add-019_4.out" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-ocsp-user-add-019_4.out" + rlAssertGrep "User ID: us19" "$TmpDir/pki-ocsp-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-ocsp-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-019: Should not be able to ocsp-group-member-add using OCSP_agentV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-add using OCSP_agentV cert" + rlPhaseEnd + + #Usability test + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-020: Should not be able to add a non existing user to a group" + user="non-existing-user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-add \"$groupid6\" $user" + 
errmsg="UserNotFoundException: User $user not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-021: Add a group and add a user to the group using valid admin user OCSP_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g1description\" g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g1description\" g1 > $TmpDir/pki-ocsp-group-member-add-group-add-022.out" \
+ 0 \
+ "Adding group g1"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-ocsp-group-member-add-group-add-022.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-member-add-group-add-022.out"
+ rlAssertGrep "Description: g1description" "$TmpDir/pki-ocsp-group-member-add-group-add-022.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu9\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-ocsp-group-member-add-user-add-022.out" \
+ 0 \
+ "Adding user u9"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-ocsp-group-member-add-user-add-022.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-ocsp-group-member-add-user-add-022.out"
+ rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-ocsp-group-member-add-user-add-022.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g1 u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g1 u9 > $TmpDir/pki-ocsp-group-member-add-groupadd-022.out" \
+ 0 \
+ "Adding user u9 to group g1"
+ rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-022.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-add-groupadd-022.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find g1 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-022.out" \
+ 0 \
+ "User added to group g1"
+ rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-022.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-022: Add two group and add a user to the two different group using valid admin user OCSP_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g2description\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g2description\" g2 > $TmpDir/pki-ocsp-group-member-add-group-add-023.out" \
+ 0 \
+ "Adding group g2"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-ocsp-group-member-add-group-add-023.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-member-add-group-add-023.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-ocsp-group-member-add-group-add-023.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g3description\" g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g3description\" g3 > $TmpDir/pki-ocsp-group-member-add-group-add-023_1.out" \
+ 0 \
+ "Adding group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-ocsp-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-ocsp-group-member-add-group-add-023_1.out"
+
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu10\" u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-ocsp-group-member-add-user-add-023.out" \
+ 0 \
+ "Adding user u10"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-ocsp-group-member-add-user-add-023.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-ocsp-group-member-add-user-add-023.out"
+ rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-ocsp-group-member-add-user-add-023.out"
+ rlLog "Adding the user u10 to group g2"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g2 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g2 u10 > $TmpDir/pki-ocsp-group-member-add-groupadd-023.out" \
+ 0 \
+ "Adding user u10 to group g2"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-023.out"
+ rlAssertGrep "User: u10"
"$TmpDir/pki-ocsp-group-member-add-groupadd-023.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find g2 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-023.out" \
+ 0 \
+ "User added to group g2"
+ rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-023.out"
+ rlLog "Adding the user u10 to group g3"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g3 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g3 u10 > $TmpDir/pki-ocsp-group-member-add-groupadd-023_1.out" \
+ 0 \
+ "Adding user u10 to group g3"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-023_1.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-023_1.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find g3 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-023_1.out" \
+ 0 \
+ "User added to group g3"
+ rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-023_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-023: Add a group, add a user to the group and delete the group using valid admin user OCSP_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g4description\" gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g4description\" gr4 > $TmpDir/pki-ocsp-group-member-add-group-add-024.out" \
+ 0 \
+ "Adding group gr4"
+ rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-ocsp-group-member-add-group-add-024.out"
+ rlAssertGrep "Group ID: gr4" "$TmpDir/pki-ocsp-group-member-add-group-add-024.out"
+ rlAssertGrep "Description: g4description" "$TmpDir/pki-ocsp-group-member-add-group-add-024.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu11\" u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-ocsp-group-member-add-user-add-024.out" \
+ 0 \
+ "Adding user u11"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-ocsp-group-member-add-user-add-024.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-ocsp-group-member-add-user-add-024.out"
+ rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-ocsp-group-member-add-user-add-024.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add gr4 u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add gr4 u11 > $TmpDir/pki-ocsp-group-member-add-groupadd-024.out" \
+ 0 \
+ "Adding user u11 to group gr4"
+ rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-024.out"
+ rlAssertGrep "User: u11" "$TmpDir/pki-ocsp-group-member-add-groupadd-024.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find gr4 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-024.out" \
+ 0 \
+ "User added to group gr4"
+ rlAssertGrep "User: u11" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-024.out"
+ #Deleting group gr4
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del gr4 > $TmpDir/pki-ocsp-group-member-add-groupdel-024.out" \
+ 0 \
+ "Deleting group gr4"
+ rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-ocsp-group-member-add-groupdel-024.out"
+ #Checking for user-membership
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-membership-find u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-membership-find u11 > $TmpDir/pki-ocsp-group-member-add-usermembership-024.out" \
+ 0 \
+ "Checking for user membership of u11"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-group-member-add-usermembership-024.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-024: Add a group, add a user to the group and modify the group using valid admin user OCSP_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g5description\" g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g5description\" g4 >
$TmpDir/pki-ocsp-group-member-add-group-add-025.out" \
+ 0 \
+ "Adding group g4"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-ocsp-group-member-add-group-add-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-member-add-group-add-025.out"
+ rlAssertGrep "Description: g5description" "$TmpDir/pki-ocsp-group-member-add-group-add-025.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-ocsp-group-member-add-user-add-025.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-ocsp-group-member-add-user-add-025.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-ocsp-group-member-add-user-add-025.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-ocsp-group-member-add-user-add-025.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g4 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add g4 u12 > $TmpDir/pki-ocsp-group-member-add-groupadd-025.out" \
+ 0 \
+ "Adding user u12 to group g4"
+ rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-025.out"
+ rlAssertGrep "User: u12" "$TmpDir/pki-ocsp-group-member-add-groupadd-025.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find g4 >
$TmpDir/pki-ocsp-group-member-add-groupadd-find-025.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u12" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-025.out"
+ #Modifying group g4
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod g4 --decription=\"Modified group\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod g4 --description=\"Modified group\" > $TmpDir/pki-ocsp-group-member-add-groupmod-025.out" \
+ 0 \
+ "Modifying group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-ocsp-group-member-add-groupmod-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-member-add-groupmod-025.out"
+ rlAssertGrep "Description: Modified group" "$TmpDir/pki-ocsp-group-member-add-groupmod-025.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-025: Add a group, add a user to the group, run ocsp-user-membership-del on the user and run ocsp-group-member-find using valid admin user OCSP_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g5description\" g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"g6description\" g5 > $TmpDir/pki-ocsp-group-member-add-group-add-026.out" \
+ 0 \
+ "Adding group g5"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-ocsp-group-member-add-group-add-026.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-member-add-group-add-026.out"
+ rlAssertGrep "Description: g6description" "$TmpDir/pki-ocsp-group-member-add-group-add-026.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user)
\ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-ocsp-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" "$TmpDir/pki-ocsp-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-ocsp-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-ocsp-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add g5 u13 > $TmpDir/pki-ocsp-group-member-add-groupadd-026.out" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-ocsp-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find g5 > $TmpDir/pki-ocsp-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-ocsp-group-member-add-groupadd-find-026.out" + #run user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-membership-del u13 g5 > $TmpDir/pki-ocsp-group-member-add-user-membership-del-026.out" \ + 0 \ + 
"user-membership-del on u13"
+ rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-ocsp-group-member-add-user-membership-del-026.out"
+ #find group members
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find g5 > $TmpDir/pki-ocsp-group-member-add-group-member-find-026.out" \
+ 0 \
+ "Find member in group g5"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-group-member-add-group-member-find-026.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-add-cleanup-001: Deleting the temp directory and users and groups"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del u$i > $TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del g$i > $TmpDir/pki-user-del-ocsp-group-member-add-group-del-ocsp-00$i.out" \
+ 0 \
+ "Deleting group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-ocsp-group-member-add-group-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del userall > $TmpDir/pki-group-del-ocsp-group-member-add-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-ocsp-group-member-add-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del user1 > $TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del us19 > $TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-u13-001.out" \
+ 0 \
+ "Deleting user us19"
+ rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-ocsp-group-member-add-user-del-ocsp-u13-001.out"
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 2 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del testuser$i > $TmpDir/pki-group-member-add-ocsp-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-ocsp-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-member-add cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-del.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-del.sh
new file mode 100755
index 000000000..f39b726d4
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-del.sh
@@ -0,0 +1,757 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli +# Description: PKI ocsp-group-member-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-member-del.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-ocsp-group-cli-ocsp-group-member-del_tests(){ + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-001: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local 
TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +#Available groups ocsp-group-member-del + groupid1="Online Certificate Status Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + groupid7="Security Domain Administrators" + groupid8="Enterprise OCSP Administrators" + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-002: pki ocsp-group-member-del --help configuration test" + rlRun "pki ocsp-group-member-del --help > $TmpDir/pki_ocsp_group_member_del_cfg.out 2>&1" \ + 0 \ + "pki ocsp-group-member-del --help" + rlAssertGrep "usage: ocsp-group-member-del \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_del_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_del_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-003: pki ocsp-group-member-del configuration test" + rlRun "pki ocsp-group-member-del > $TmpDir/pki_ocsp_group_member_del_2_cfg.out 2>&1" \ + 255 \ + "pki ocsp-group-member-del" + rlAssertGrep "Error: Incorrect number of arguments specified." 
"$TmpDir/pki_ocsp_group_member_del_2_cfg.out" + rlAssertGrep "usage: ocsp-group-member-del \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_del_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_del_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-004: Delete ocsp-group-member when user is added to different groups" + i=1 + while [ $i -lt 9 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-del-user-add-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-del-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-del-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-del-groupadd-find-00$i.out" \ + 0 \ + "Check user is in group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-00$i.out" + rlLog "Delete the user from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-del \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-del-groupdel-del-00$i.out" \ + 0 \ + "User deleted from group \"$gid\"" + rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-del-groupdel-del-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-005: Delete ocsp-group-member from all the groups that user is associated with" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-del-user-add-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"$gid\" userall > 
$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-del-groupadd-find-userall-00$i.out" \ + 0 \ + "Check group members with group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlLog "Delete user from all the groups" + i=1 + while [ $i -lt 9 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-del \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-del \"$gid\" userall > $TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" \ + 0 \ + "Delete userall from group \"$gid\"" + rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-006: Missing required option while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" 
"$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"Administrators\" user1 > $TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del user1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete ocsp-group-member without specifying group ID" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-007: Missing required option while deleting a user from a group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" \ + 0 \ + "Adding user user2" + rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlAssertGrep "User ID: user2" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-ocsp-group-member-del-user-add-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"Administrators\" user2 > 
$TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" \ + 0 \ + "Adding user user2 to group \"Administrators\"" + rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del Administrators" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete ocsp-group-member without specifying member ID" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-008: Should not be able to ocsp-group-member-del using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert OCSP_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-009: Should not be able to ocsp-group-member-del using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete ocsp-group-member using a revoked cert OCSP_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_group_cli_ocsp_group_member-del-010: Should not be able to ocsp-group-member-del using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert OCSP_agentV" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-011: Should not be able to ocsp-group-member-del using admin user with expired cert OCSP_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-del using admin user with expired cert OCSP_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-012: Should not be able to ocsp-group-member-del using OCSP_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-del using OCSP_agentE cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934" + rlRun "date 
--set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-013: Should not be able to ocsp-group-member-del using OCSP_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-del using OCSP_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-014: Should not be able to ocsp-group-member-del using OCSP_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-del using OCSP_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-015: Should not be able to ocsp-group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del 'Administrators' user2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-del using OCSP_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-016: Should not be able to ocsp-group-member-del using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user2" + errmsg="PKIException: Unauthorized" + 
errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to ocsp-group-member-del using role_user_UTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-017: Delete ocsp-group-member for user id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName='u10' u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName='u10' 'u10'" \ + 0 \ + "Adding uid u10" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"dadministʁasjɔ̃\" 'u10'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-ocsp-group-member-del-groupadd-017_2.out" \ + 0 \ + "Adding user u10 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group 
member \"u10\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_2.out" + rlAssertGrep "User: u10" "$TmpDir/pki-ocsp-group-member-del-groupadd-017_2.out" + rlLog "Delete group member from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-ocsp-group-member-del-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-ocsp-group-member-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-ocsp-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-018: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-ocsp-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-ocsp-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-ocsp-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-ocsp-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo 
\$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete ocsp-group-member when uid is not associated with a group" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-019: Deleting a user that has membership with groups removes the user from the groups" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameu20\" u20 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-ocsp-group-member-del-user-del-020.out" \ + 0 \ + "Adding user u20" + rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-ocsp-group-member-del-user-del-020.out" + rlAssertGrep "User ID: u20" "$TmpDir/pki-ocsp-group-member-del-user-del-020.out" + rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-ocsp-group-member-del-user-del-020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"Administrators\" u20 > $TmpDir/pki-ocsp-group-member-add-groupadd-20_2.out" \ + 0 \ + "Adding user u20 to group \"Administrators\"" + rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-20_2.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find Administrators > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_4.out" \ + 0 \ + "List members of Administrators group" + rlAssertGrep "User: u20" 
"$TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_4.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del u20 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_6.out" \ + 0 \ + "Delete user u20" + rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_6.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find Administrators > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_7.out" \ + 0 \ + "List members of Administrators group" + rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-20_7.out" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-020: User deleted from Administrators group cannot create a new user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-ocsp-group-member-del-user-add-0021.out" \ + 0 \ + "Adding user testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"Administrators\" testuser1 > $TmpDir/pki-ocsp-group-member-add-groupadd-21_2.out" \ + 0 \ + "Adding user testuser1 to group \"Administrators\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-21_2.out" + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US 
archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.out -t "u,u,u"" + + #Add certificate to the user + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-cert-add testuser1 --input $TmpDir/pki_ocsp_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \ + 0 \ + "Cert is added to the user testuser1" + + #Add a new user using testuser1 + rlLog "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName='test_user' u9" + rlRun "pki -d $TEMP_NSS_DB/ \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-ocsp-021_4.out" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-ocsp-021_4.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-ocsp-021_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-ocsp-021_4.out" + + #Delete testuser1 from 
the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-del \"Administrators\" testuser1 > $TmpDir/pki-ocsp-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-ocsp-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $OCSP_HOST -p $OCSP_PORT ocsp-user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-022: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"group1\" testuser2 > $TmpDir/pki-ocsp-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_2.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-ocsp-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'group1' > $TmpDir/pki-ocsp-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-ocsp-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-membership-find testuser2 > $TmpDir/pki-ocsp-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-ocsp-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using OCSP_adminV cert===#
+ i=1
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del u$i > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del userall > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del user1 > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del user2 > $TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-ocsp-group-member-del-user-del-ocsp-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del user123 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del testuser1 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-del testuser2 > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-testuser2.out"
+
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-member-del cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-find.sh
new file mode 100755
index 000000000..df48fa2b4
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-find.sh
@@ -0,0 +1,792 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli
+# Description: PKI ocsp-group-cli-ocsp-group-member-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-group-cli-ocsp-group-member-find Find group members.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-member-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-ocsp-group-cli-ocsp-group-member-find_tests(){
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+#Available groups ocsp-group-find
+ groupid1="Online Certificate Status Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ groupid7="Security Domain Administrators"
+ groupid8="Enterprise OCSP Administrators"
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-002: pki ocsp-group-member-find --help configuration test"
+ rlRun "pki ocsp-group-member-find --help > $TmpDir/pki_ocsp_group_member_find_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-group-member-find --help"
+ rlAssertGrep "usage: ocsp-group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_find_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_ocsp_group_member_find_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_ocsp_group_member_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-003: pki ocsp-group-member-find configuration test"
+ rlRun "pki ocsp-group-member-find > $TmpDir/pki_ocsp_group_member_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki ocsp-group-member-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_ocsp_group_member_find_2_cfg.out"
+ rlAssertGrep "usage: ocsp-group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_find_2_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_ocsp_group_member_find_2_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_ocsp_group_member_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-004: Find ocsp-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-ocsp-group-member-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-ocsp-group-member-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-ocsp-group-member-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-ocsp-group-member-find-user-find-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" u$i > $TmpDir/pki-ocsp-group-member-find-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-find-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find group-members with group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-005: Find ocsp-group-member when the same user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-ocsp-group-member-find-user-find-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 9 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add \"$gid\" userall > $TmpDir/pki-ocsp-group-member-find-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-find-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find \"$gid\" > $TmpDir/pki-ocsp-group-member-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find user membership to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-006: Find ocsp-group-member when many users are added to one group"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"Test group\" group1 > $TmpDir/pki-ocsp-group-member-find-groupadd-006.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-006.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-ocsp-group-member-find-groupadd-006.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-ocsp-group-member-find-groupadd-006.out"
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameuser$i\" user$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-ocsp-group-member-find-useradd-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-ocsp-group-member-find-useradd-00$i.out"
+ rlAssertGrep "User ID: user$i" "$TmpDir/pki-ocsp-group-member-find-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-ocsp-group-member-find-useradd-00$i.out"
+ rlLog "Adding user user$i to group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-add group1 user$i > $TmpDir/pki-ocsp-group-member-find-group-member-add-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-ocsp-group-member-find-group-member-add-00$i.out"
+ rlAssertGrep "User: user$i" "$TmpDir/pki-ocsp-group-member-find-group-member-add-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 > $TmpDir/pki-ocsp-group-member-find-group1-006.out" \
+ 0 \
+ "Find users added to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-ocsp-group-member-find-group1-006.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-ocsp-group-member-find-group1-006.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlAssertGrep "User: user$i" "$TmpDir/pki-ocsp-group-member-find-group1-006.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-007: Find ocsp-group-member of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --start=5 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user6" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user7" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user8" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user9" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user10" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user11" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user12" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user13" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-008: Find all group members of a group (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --start=0 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out" \
+ 0 \
+ "Checking group members of a group "
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-009: Find group members when page start is negative (start=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=-1"
+ errmsg="--start option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0"
+ rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-010: Find group members when page start greater than available number of groups (start=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --start=15 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-start-004.out" \
+ 0 \
+ "Checking group members of a group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-011: Should not be able to find group members when page start is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-012: Find group member when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --size=0 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-006.out" 0 \
+ "ocsp-group_member-find with size parameter as 0"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-013: Find group members when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --size=1 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out" 0 \
+ "ocsp-group_member-find with size parameter as 1"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out"
+ rlAssertGrep "User: user1" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-014: Find group members when page size is 15 (size=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --size=15 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out" 0 \
+ "ocsp-group_member-find with size parameter as 15"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-015: Find group members when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --size=100 > $TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out" 0 \
+ "ocsp-group_member-find with size parameter as 100"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-016: Find group-member when page size is negative (size=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --size=-1"
+ errmsg="--size option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "ocsp-group-member-find should fail if size is less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-017: Should not be able to find group members when page size is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-018: Find group members with -t ocsp option"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-member-find group1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-member-find group1 --size=5 > $TmpDir/pki-ocsp-group-member-find-018.out" \
+ 0 \
+ "Find ocsp-group-member with -t ocsp option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-018.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-018.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-group-member-find-018.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-019: Find group members with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --start=6 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-member-find group1 --start=6 --size=5 > $TmpDir/pki-ocsp-group-member-find-019.out" \
+ 0 \
+ "Find group members with page start and page size option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-ocsp-group-member-find-019.out"
+ i=7
+ while [ $i -lt 12 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-ocsp-group-member-find-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-ocsp-group-member-find-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-020: Find group members with --size more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --size=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-021: Find group members with --start more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-022: Should not be able to ocsp-group-member-find using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert OCSP_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-023: Should not be able to group-member-find using an agent with revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-group-member using an agent with revoked cert OCSP_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-024: Should not be able to ocsp-group-member-find using a valid agent OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent OCSP_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-025: Should not be able to ocsp-group-member-find using admin user with expired cert OCSP_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-group-member using a expired admin OCSP_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-026: Should not be able to ocsp-group-member-find using OCSP_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent OCSP_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-027: Should not be able to ocsp-group-member-find using OCSP_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor OCSP_auditV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-028: Should not be able to ocsp-group-member-find using OCSP_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator OCSP_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-029: Should not be able to ocsp-group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find ocsp-group-member using a untrusted OCSP_adminUTCA user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-030: Should not be able to ocsp-group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted OCSP_agentUTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-031:Find group-member for group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName='u9' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-user-add --fullName='u9' u9" \
+ 0 \
+ "Adding uid u9"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-ocsp-group-member-add-groupadd-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p
$OCSP_PORT \ + ocsp-group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-ocsp-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-ocsp-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-ocsp-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-032: Find ocsp-group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=\"Test group\" group2 > $TmpDir/pki-ocsp-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-ocsp-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-ocsp-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-ocsp-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun 
"pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-ocsp-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add group2 userid$i > $TmpDir/pki-ocsp-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-ocsp-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-ocsp-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-find group2 > $TmpDir/pki-ocsp-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-ocsp-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-ocsp-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-ocsp-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member-find-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using OCSP_adminV 
cert===# + i=1 + while [ $i -lt 10 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del u$i > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-00$i.out" \ + 0 \ + "Deleted user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del user$i > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del userid$i > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del userall > $TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-ocsp-group-member-find-user-del-ocsp-userall.out" + + + #===Deleting groups created using OCSP_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'group1' > $TmpDir/pki-user-del-ocsp-group1.out" \ + 0 \ + "Deleting 
group group1"
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-ocsp-group1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'group2' > $TmpDir/pki-user-del-ocsp-group2.out" \
+ 0 \
+ "Deleting group group2"
+ rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-ocsp-group2.out"
+
+
+ #===Deleting i18n group created using OCSP_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-ocsp-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-ocsp-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-member-find cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-show.sh
new file mode 100755
index 000000000..50dd0088f
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-show.sh
@@ -0,0 +1,530 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli +# Description: PKI ocsp-group-member-show CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-ocsp-group-cli-ocsp-group-member-show Show groups members +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +###################################################################################### +#create_role_users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-member-show.sh +###################################################################################### + +######################################################################## +# Test Suite Globals +######################################################################## + +######################################################################## +run_pki-ocsp-group-cli-ocsp-group-member-show_tests(){ + + rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_member_show-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ]; then +OCSP_HOST=$(eval echo \$${MYROLE}) +OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval 
${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +#local variables + group1=test_group + group1desc="Test Group" + group2=test_group2 + group2desc="Test Group 2" + group3=test_group3 + group3desc="Test Group 3" + + rlPhaseStartTest "pki_ocsp_group_member_show-configtest: pki ocsp-group-member-show configuration test" + rlRun "pki ocsp-group-member-show --help > $TmpDir/pki_ocsp_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki ocsp-group-member-show" + rlAssertGrep "usage: ocsp-group-member-show \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show OCSP groups #### + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-001: Add group to OCSP using OCSP_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group1 u1 > $TmpDir/pki_ocsp_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_ocsp_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_ocsp_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-004: A non existing member ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 user1" + errmsg="ResourceNotFoundException: Group member user1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-005: A non existing group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show group1 u1" + errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-006: Checking if member id case sensitive " + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group1 U1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group1 U1 > $TmpDir/pki-ocsp-group-member-show-006.out 2>&1" \ + 0 \ + "Member ID is not case sensitive" + rlAssertGrep "User \"U1\"" "$TmpDir/pki-ocsp-group-member-show-006.out" + rlAssertGrep "User: u1" "$TmpDir/pki-ocsp-group-member-show-006.out" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_group_cli_ocsp_group_member_show-007: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show TEST_GROUP u1 > $TmpDir/pki-ocsp-group-member-show-007.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-ocsp-group-member-show-007.out" + rlAssertGrep "User: u1" "$TmpDir/pki-ocsp-group-member-show-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-008: Should not be able to show group member using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-009: Should not be able to show group member using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-010: Should not be able to show group members 
using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-011: Should not be able to show group members using admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-012: Should not be able to show group members using OCSP_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI 
TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-013: Should not be able to show group members using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-014: Should not be able to show group members using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-015: Should not be able to show group members using a cert created from a untrusted OCSP OCSP_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group1 u1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using OCSP_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-016: Should not be able to show group members using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 
subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_ocsp_group_member_show_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group1 u1" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group1 u1 > $TmpDir/pki-ocsp-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-member-show-pkiUser1-002.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-017: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test 
'ÖrjanÄke' > $TmpDir/pki-ocsp-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=test u3 > $TmpDir/pki-ocsp-group-member-show-001_57.out 2>&1" \ + 0 \ + "Adding user id u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-ocsp-group-member-show-001_56.out 2>&1" \ + 0 \ + "Adding user u3 to group ÖrjanÄke" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show 'ÖrjanÄke' u3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-ocsp-group-member-show-001_56_2.out" \ + 0 \ + "Show group member'ÖrjanÄke'" + rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-ocsp-group-member-show-001_56_2.out" + rlAssertGrep "User: u3" "$TmpDir/pki-ocsp-group-member-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-018: Add group to OCSP using OCSP_adminV, add a user to the group, delete the group member and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=\"$group2desc\" $group2" \ + 0 \ + "Add group $group2 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"User2\" u2" \ + 0 \ + "Add user u2 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add $group2 u2" \ + 0 \ + "Add user u2 to group $group2 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group2 u2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group2 u2 > $TmpDir/pki_ocsp_group_member_show_groupshow019.out" \ + 0 \ + "Show group members of $group2" + rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_ocsp_group_member_show_groupshow019.out" + rlAssertGrep "User: u2" "$TmpDir/pki_ocsp_group_member_show_groupshow019.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-del $group2 u2" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group2 u2" + errmsg="ResourceNotFoundException: Group member u2 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-group-member show should throw and error if the group member is deleted" + + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-019: Add group to OCSP using OCSP_adminV, add a user to the group, delete the user and show the group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=\"$group3desc\" $group3" \ + 0 \ + "Add group $group3 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + 
ocsp-user-add --fullName=\"User4\" u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-add --fullName=\"User4\" u4" \ + 0 \ + "Add user u3 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-add $group3 u4" \ + 0 \ + "Add user u4 to group $group3 using OCSP_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group3 u4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-member-show $group3 u4 > $TmpDir/pki_ocsp_group_member_show_groupshow020.out" \ + 0 \ + "Show group members of $group3" + rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_ocsp_group_member_show_groupshow020.out" + rlAssertGrep "User: u4" "$TmpDir/pki_ocsp_group_member_show_groupshow020.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del u4" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show $group3 u4" + errmsg="ResourceNotFoundException: Group member u4 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - ocsp-group-member show should throw and error if the member user is deleted" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show-021: A non existing member ID and group ID" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-member-show group1 user1" + 
errmsg="GroupNotFoundException: Group group1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_member_show_cleanup-022: Deleting the temp directory and groups" + + #===Deleting groups(symbols) created using OCSP_adminV cert===# + j=1 + while [ $j -lt 4 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del $grp > $TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" + let j=$j+1 + done + + j=1 + while [ $j -lt 4 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-user-del u$j > $TmpDir/pki-user-del-ocsp-group-symbol-00$j.out" \ + 0 \ + "Deleted user u$j" + rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-ocsp-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out" + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ocsp-group-member-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi +} 
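Review bot: Test `pki_ocsp_group_cli_ocsp_group_member_show-014` is described as the OCSP_operatorV case, but its `command=` line authenticates with `$(eval echo \$${subsystemId}_auditV_user)`, the same nickname test -013 uses, so denial of `ocsp-group-member-show` to the operator role is never checked and an authorization regression for that role would pass unnoticed. The line should use `-n $(eval echo \$${subsystemId}_operatorV_user)`, which the function already sets alongside the other role nicknames. Tests -011 and -012 also shift the system clock with `date --set='+2 days'` and undo it in a later `rlRun`; if the run is interrupted in between, the host presumably stays two days ahead for every later certificate-validity check, so restoring the clock from the cleanup phase or a trap would be safer.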
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-mod.sh
new file mode 100755
index 000000000..a597b11cf
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-mod.sh
@@ -0,0 +1,545 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-group-cli
+# Description: PKI ocsp-group-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-group-cli-ocsp-group-mod Modify existing groups in the pki ocsp subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-ocsp-group-cli-ocsp-group-mod_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+
+#### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval
${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+group1=ocsp_group
+group1desc="Test ocsp group"
+group2=abcdefghijklmnopqrstuvwxyx12345678
+group3=abc#
+group4=abc$
+group5=abc@
+group6=abc?
+group7=0
+group1_mod_description="Test ocsp agent Modified"
+randsym=""
+i18ngroup=i18ngroup
+i18ngroupdescription="Örjan Äke"
+i18ngroup_mod_description="kakskümmend"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+ ##### pki_ocsp_group_cli_ocsp_group_mod-configtest ####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-configtest-001: pki ocsp-group-mod configuration test"
+ rlRun "pki ocsp-group-mod --help > $TmpDir/pki_ocsp_group_mod_cfg.out 2>&1" \
+ 0 \
+ "Group modification configuration"
+ rlAssertGrep "usage: ocsp-group-mod \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_mod_cfg.out"
+ rlAssertGrep "\--description Description" "$TmpDir/pki_ocsp_group_mod_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_mod_cfg.out"
+ rlPhaseEnd
+
+
+ ##### Tests to modify OCSP groups ####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-002: Modify a group's description in OCSP"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$group1desc\" $group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-ocsp-group-mod-002.out" \
+ 0 \
+ "Modified $group1 description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-ocsp-group-mod-002.out"
+
rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-mod-002.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-002.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-003:--description with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test g1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-ocsp-group-mod-004.out" \
+ 0 \
+ "Modified group using OCSP_adminV with --description with characters and numbers"
+ rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-ocsp-group-mod-004.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-mod-004.out"
+ rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-ocsp-group-mod-004.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-004:--description with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | sed 's/\///g')
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test g2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod
--description=\"$randsym\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$randsym\" g2 > $TmpDir/pki-ocsp-group-mod-005.out" \
+ 0 \
+ "Modified group using OCSP_adminV with maximum --description length and character symbols in it"
+ actual_group_string=`cat $TmpDir/pki-ocsp-group-mod-005.out | grep "Description: " | xargs echo`
+ expected_group_string="Description: $randsym"
+ rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-ocsp-group-mod-005.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-mod-005.out"
+ if [[ $actual_group_string = $expected_group_string ]] ; then
+ rlPass "$expected_group_string found"
+ else
+ rlFail "$expected_group_string not found"
+ fi
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-005:--description with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test g3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=$ g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=$ g3 > $TmpDir/pki-ocsp-group-mod-008.out" \
+ 0 \
+ "Modified group with --description $ character"
+ rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-ocsp-group-mod-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-mod-008.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-ocsp-group-mod-008.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-006: Modify a group
to OCSP with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test g4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-mod --description=\"$group1desc\" g4"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ -t ocsp \
+ ocsp-group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-ocsp-group-mod-007.out" \
+ 0 \
+ "Modified group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-ocsp-group-mod-007.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-mod-007.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-ocsp-group-mod-007.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-007: Modify a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id"
+ rlPhaseEnd
+
+##### Tests to modify groups using revoked cert#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-008: Should not be able to modify groups using a revoked cert OCSP_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1_mod_description' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-009: Should not be able to modify group using an agent or a revoked cert OCSP_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify groups using an agent user#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-010: Should not be able to modify groups using a OCSP_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+
errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert"
+ rlPhaseEnd
+
+
+##### Tests to modify groups using expired cert#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-011: Should not be able to modify group using a OCSP_adminE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-012: Should not be able to modify group using a OCSP_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using audit users#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-013: Should not be able to modify
group using a OCSP_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using operator user###
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-014: Should not be able to modify group using a OCSP_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as OCSP_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify groups using OCSP_adminUTCA and OCSP_agentUTCA user's certificate will be issued by an untrusted OCSP users#####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-015: Should not be able to modify groups using a cert created from a untrusted OCSP OCSP_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-016: Modify a group -- Group ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description='$group1desc' g5"
+
errmsg="ResourceNotFoundException: Group g5 not found."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group"
+ rlPhaseEnd
+
+##### Tests to modify OCSP groups with empty parameters ####
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-017: Modify a user created group in OCSP using OCSP_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$group1desc\" g5"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description=\"\" g5"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description=\"\" g5 > $TmpDir/pki-ocsp-group-mod-0017.out" 0 "Group modified successfully with empty description"
+ rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-ocsp-group-mod-0017.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-mod-0017.out"
+ rlPhaseEnd
+
+
+##### Tests to modify OCSP groups with the same value ####
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-018: Modify a group in OCSP using OCSP_adminV - description same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group1 > $TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+
ocsp-group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-ocsp-group-mod-041_2.out" \
+ 0 \
+ "Modifying $group1 with same old description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-ocsp-group-mod-041_2.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-mod-041_2.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-041_2.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify OCSP groups having i18n chars in the description ####
+
+rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-019: Modify a groups's description having i18n chars in OCSP using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$i18ngroupdescription\" $i18ngroup"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-ocsp-group-mod-043.out" \
+ 0 \
+ "Modified $i18ngroup description"
+ rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-ocsp-group-mod-043.out"
+ rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-ocsp-group-mod-043.out"
+ rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-ocsp-group-mod-043.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to
modify system generated OCSP groups ####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-021: Modify Administrator group's description in OCSP using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show Administrators > $TmpDir/pki-ocsp-group-mod-group-show-022.out"
+ admin_group_desc=$(cat $TmpDir/pki-ocsp-group-mod-group-show-022.out| grep Description | cut -d- -f2)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$group1_mod_description\" Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-ocsp-group-mod-022.out" \
+ 0 \
+ "Modified Administrators group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-ocsp-group-mod-022.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-ocsp-group-mod-022.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-ocsp-group-mod-022.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$admin_group_desc\" Administrators"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_mod-022: Modify Administrators group in OCSP using OCSP_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show Administrators > $TmpDir/pki-ocsp-group-mod-group-show-023.out"
+ admin_group_desc=$(cat
$TmpDir/pki-ocsp-group-mod-group-show-023.out| grep Description | cut -d- -f2)
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description=\"\" Administrators"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-mod --description=\"\" Administrators > $TmpDir/pki-ocsp-group-mod-023.out" 0 "Successfully modified Administrator group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-ocsp-group-mod-023.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-ocsp-group-mod-023.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-mod --description=\"$admin_group_desc\" Administrators"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+
+#===Deleting groups===#
+rlPhaseStartTest "pki_ocsp_group_cli_group_cleanup: Deleting role groups"
+
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del g$i > $TmpDir/pki-group-del-ocsp-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-ocsp-group-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del $grp > $TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ocsp-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-del $i18ngroup > $TmpDir/pki-group-del-ocsp-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-ocsp-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ocsp-group-mod cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "OCSP subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-show.sh
new file mode 100755
index 000000000..93aa4015a
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-show.sh
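Review bot: In pki-ocsp-group-cli-ocsp-group-mod.sh, phases mod-021 and mod-022 save the Administrators description with `cut -d- -f2`, but the show output asserted in phase mod-018 has the form `Description: <text>`, so there is normally no `-` to split on and cut passes the whole line through, label included. The restore step then writes that string back, so the built-in Administrators group probably ends the run with a description different from the one it started with (or only a fragment of it, if the original text happens to contain a hyphen). Split on the colon instead, e.g. `admin_group_desc=$(grep 'Description:' "$TmpDir/pki-ocsp-group-mod-group-show-022.out" | cut -d: -f2- | sed 's/^ *//')`, and likewise for the 023 file. The restoring `rlRun` also neither captures nor asserts its output, so a wrong restored value passes silently; an `rlAssertGrep "Description: $admin_group_desc"` on its redirected output would catch it.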
@@ -0,0 +1,700 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-ocsp-group-cli
+# Description: PKI ocsp-group-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-ocsp-group-cli-ocsp-group-show Show groups
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-ocsp-group-cli-ocsp-group-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-ocsp-group-cli-ocsp-group-show_tests(){
+
+rlPhaseStartSetup "pki_ocsp_group_cli_ocsp_group_show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ ocsp_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ]; then
+OCSP_HOST=$(eval echo \$${MYROLE})
+OCSP_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval
${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+
+ rlPhaseStartTest "pki_ocsp_group_show-configtest: pki ocsp-group-show configuration test"
+ rlRun "pki ocsp-group-show --help > $TmpDir/pki_ocsp_group_show_cfg.out 2>&1" \
+ 0 \
+ "pki ocsp-group-show"
+ rlAssertGrep "usage: ocsp-group-show \[OPTIONS...\]" "$TmpDir/pki_ocsp_group_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_ocsp_group_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show OCSP groups ####
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-001: Add group to OCSP using OCSP_adminV and show group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using OCSP_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group1 > $TmpDir/pki-ocsp-group-show-001.out" \
+ 0 \
+ "Show group $group1"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-ocsp-group-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-002: maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d
$CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group2" \
+ 0 \
+ "Add group $group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group2 > $TmpDir/pki-ocsp-group-show-001_1.out" \
+ 0 \
+ "Show $group2 group"
+ rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-ocsp-group-show-001_1.out"
+ actual_groupid_string=`cat $TmpDir/pki-ocsp-group-show-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-003: Group id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group3" \
+ 0 \
+ "Add group $group3 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group3 > $TmpDir/pki-ocsp-group-show-001_2.out" \
+ 0 \
+ "Show $group3 group"
+ rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-ocsp-group-show-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-ocsp-group-show-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-004: Group id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group4" \
+ 0 \
+
"Add group $group4 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group4 > $TmpDir/pki-ocsp-group-show-001_3.out" \
+ 0 \
+ "Show $group4 group"
+ rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-ocsp-group-show-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-ocsp-group-show-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using OCSP_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $OCSP_HOST \
+ -p $OCSP_PORT \
+ ocsp-group-show $group5 > $TmpDir/pki-ocsp-group-show-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-ocsp-group-show-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-ocsp-group-show-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-006: Group id with ?
character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test $group6" \ + 0 \ + "Add $group6 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show $group6 > $TmpDir/pki-ocsp-group-show-001_5.out" \ + 0 \ + "Show $group6 group" + rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-ocsp-group-show-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-ocsp-group-show-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-007: Group id as 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test $group7" \ + 0 \ + "Add group $group7 using OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show $group7 > $TmpDir/pki-ocsp-group-show-001_6.out" \ + 0 \ + "Show group $group7" + rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-ocsp-group-show-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-ocsp-group-show-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-008: --description with maximum length" + desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description='$desc' g1" \ + 0 \ + "Added group using OCSP_adminV with maximum --description length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g1 > $TmpDir/pki-ocsp-group-show-001_7.out" \ + 0 \ + "Show group g1" + rlAssertGrep "Group \"g1\"" "$TmpDir/pki-ocsp-group-show-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-ocsp-group-show-001_7.out" + actual_desc_string=`cat $TmpDir/pki-ocsp-group-show-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-009: --description with maximum length and symbols" + desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + desc=$(echo $desc_b64 | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description='$desc' g2" \ + 0 \ + "Added group with maximum --description length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g2 > $TmpDir/pki-ocsp-group-show-001_8.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-ocsp-group-show-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-ocsp-group-show-001_8.out" + actual_desc_string=`cat $TmpDir/pki-ocsp-group-show-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $desc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $desc found" + else + rlFail "Description: $desc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-010: --description with # character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=# g3" \ + 0 \ + "Add group g3 using pki OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g3 > $TmpDir/pki-ocsp-group-show-001_9.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-ocsp-group-show-001_9.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-ocsp-group-show-001_9.out" + rlAssertGrep "Description: #" "$TmpDir/pki-ocsp-group-show-001_9.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-011: --description with * character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=* g4" \ + 0 \ + "Add group g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g4 > $TmpDir/pki-ocsp-group-show-001_10.out" \ + 0 \ + "Show group g4 using OCSP_adminV" + rlAssertGrep "Group \"g4\"" "$TmpDir/pki-ocsp-group-show-001_10.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-ocsp-group-show-001_10.out" + rlAssertGrep "Description: *" "$TmpDir/pki-ocsp-group-show-001_10.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-012: --description with $ character" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=$ g5" \ + 0 \ + "Add group g5 using pki OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g5 > $TmpDir/pki-ocsp-group-show-001_11.out" \ + 0 \ + "Show group g5 using OCSP_adminV" + rlAssertGrep "Group \"g5\"" "$TmpDir/pki-ocsp-group-show-001_11.out" + 
rlAssertGrep "Group ID: g5" "$TmpDir/pki-ocsp-group-show-001_11.out" + rlAssertGrep "Description: \\$" "$TmpDir/pki-ocsp-group-show-001_11.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-013: --description as number 0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=0 g6" \ + 0 \ + "Add group g6 using pki OCSP_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g6 > $TmpDir/pki-ocsp-group-show-001_12.out" \ + 0 \ + "Show group g6 using OCSP_adminV" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-ocsp-group-show-001_12.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-ocsp-group-show-001_12.out" + rlAssertGrep "Description: 0" "$TmpDir/pki-ocsp-group-show-001_12.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-014: Show group with -t ocsp option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + ocsp-group-add --description=test g7" \ + 0 \ + "Adding group g7" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + -t ocsp \ + ocsp-group-show g7 > $TmpDir/pki-ocsp-group-show-001_32.out" \ + 0 \ + "Show group g7 using OCSP_adminV" + rlAssertGrep "Group \"g7\"" "$TmpDir/pki-ocsp-group-show-001_32.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-ocsp-group-show-001_32.out" + rlAssertGrep "Description: $test" "$TmpDir/pki-ocsp-group-show-001_32.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-015: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p 
$OCSP_PORT ocsp-group-show" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-016: Checking if group id case sensitive " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show G7 > $TmpDir/pki-ocsp-group-show-001_35.out 2>&1" \ + 0 \ + "Group ID is not case sensitive" + rlAssertGrep "Group \"G7\"" "$TmpDir/pki-ocsp-group-show-001_35.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-ocsp-group-show-001_35.out" + rlAssertGrep "Description: test" "$TmpDir/pki-ocsp-group-show-001_35.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-017: Should not be able to show group using a revoked cert OCSP_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-018: Should not be able to show group using an agent with revoked cert OCSP_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert" + rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-019: Should not be able to show group using a valid agent OCSP_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-020: Should not be able to show group using admin user with expired cert OCSP_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-021: Should not be able to show group using OCSP_agentE cert" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show 
group g7 using a agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-022: Should not be able to show group using a OCSP_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-023: Should not be able to show group using a OCSP_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-024: Should not be able to show group using a cert created from a untrusted OCSP OCSP_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $OCSP_HOST -p $OCSP_PORT ocsp-group-show g7" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using OCSP_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-025: Should not be able to show group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 
subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$OCSP_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $OCSP_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.out > $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_ocsp_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show g7 > $TmpDir/pki-ocsp-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-ocsp-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h 
$OCSP_HOST -p $OCSP_PORT ocsp-group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using OCSP_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show 'ÖrjanÄke' > $TmpDir/pki-ocsp-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-ocsp-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-ocsp-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_show-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-add --description=test 'ÉricTêko' > $TmpDir/pki-ocsp-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + 
-n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-show 'ÉricTêko' > $TmpDir/pki-ocsp-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-ocsp-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-ocsp-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_group_cli_ocsp_group_cleanup: Deleting the temp directory and groups" + + #===Deleting groups created using OCSP_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del g$i > $TmpDir/pki-ocsp-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-ocsp-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using OCSP_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del $grp > $TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-ocsp-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using OCSP_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-ocsp-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-ocsp-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $OCSP_HOST \ + -p $OCSP_PORT \ + ocsp-group-del 'ÉricTêko' > 
$TmpDir/pki-group-del-ocsp-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-ocsp-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ocsp-group-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh index ee1ad3c8a..129259851 100755 --- a/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh +++ b/tests/dogtag/acceptance/cli-tests/pki-tests-setup/create-role-users.sh @@ -45,7 +45,7 @@ subsystemId=$1 SUBSYSTEM_TYPE=$2 MYROLE=$3 rlLog "subsystemId=$subsystemId, SUBSYSTEM_TYPE=$SUBSYSTEM_TYPE, MYROLE=$MYROLE" -if [ "$TOPO9" = "TRUE" ] ; then +if [ "$TOPO9" = "TRUE" ] || [ "$TOPOLOGY" = "TOPO9" ]; then ADMIN_CERT_LOCATION=$(eval echo \$${subsystemId}_ADMIN_CERT_LOCATION) admin_cert_nickname=$(eval echo \$${subsystemId}_ADMIN_CERT_NICKNAME) CLIENT_PKCS12_PASSWORD=$(eval echo \$${subsystemId}_CLIENT_PKCS12_PASSWORD) @@ -101,6 +101,12 @@ if [ $SUBSYSTEM_TYPE != "tps" ] ; then eval ${subsystemId}_auditV_password=${subsystemId}_auditV_password export ${subsystemId}_auditV_user fi +if [ $SUBSYSTEM_TYPE = "tps" ] ; then + eval ${subsystemId}_officerV_user=${subsystemId}_officerV + eval ${subsystemId}_officerV_fullName=${subsystemId}_Officer_ValidCert + eval ${subsystemId}_officerV_password=${subsystemId}_officerV_password + export ${subsystemId}_officerV_user +fi ###################################################################### rlPhaseStartSetup "create-role-user-startup: Create temp directory and import CA agent cert into a nss certificate db and trust CA root cert" 
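Review bot: The added TPS block in the `@@ -101,6 +101,12 @@` hunk expands `$SUBSYSTEM_TYPE` unquoted inside `[ ]` and passes `$subsystemId` (set from `$1` in the context above) through `eval`, so an empty type makes the test error out and a subsystem ID containing shell metacharacters would be executed instead of being used as a variable name. Quote the test, `if [ "$SUBSYSTEM_TYPE" = "tps" ]; then`, and assign without `eval`, for example `export "${subsystemId}_officerV_user=${subsystemId}_officerV"`, ideally after checking that `subsystemId` looks like an identifier. The block mirrors the existing auditV assignments in the context lines, so the same applies there. The officer password is a fixed string derived from the subsystem ID; a comment stating that it is a fixture credential meant only for disposable test instances would help the next reader.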
@@ -122,7 +128,7 @@ fi rlPhaseStartSetup "Creating user and add user to the group" if [ $SUBSYSTEM_TYPE = "tps" ] ; then - user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password)) + user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo 
\$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password) $(eval echo \$${subsystemId}_officerV_user) $(eval echo \$${subsystemId}_officerV_fullName) $(eval echo \$${subsystemId}_officerV_password)) else user=($(eval echo \$${subsystemId}_adminV_user) $(eval echo \$${subsystemId}_adminV_fullName) $(eval echo \$${subsystemId}_adminV_password) $(eval echo \$${subsystemId}_adminR_user) $(eval echo \$${subsystemId}_adminR_fullName) $(eval echo \$${subsystemId}_adminR_password) $(eval echo \$${subsystemId}_adminE_user) $(eval echo \$${subsystemId}_adminE_fullName) $(eval echo \$${subsystemId}_adminE_password) $(eval echo \$${subsystemId}_adminUTCA_user) $(eval echo \$${subsystemId}_adminUTCA_fullName) $(eval echo \$${subsystemId}_adminUTCA_password) $(eval echo \$${subsystemId}_agentV_user) $(eval echo \$${subsystemId}_agentV_fullName) $(eval echo \$${subsystemId}_agentV_password) $(eval echo \$${subsystemId}_agentR_user) $(eval echo \$${subsystemId}_agentR_fullName) $(eval echo \$${subsystemId}_agentR_password) $(eval echo \$${subsystemId}_agentE_user) $(eval echo \$${subsystemId}_agentE_fullName) $(eval echo \$${subsystemId}_agentE_password) $(eval echo \$${subsystemId}_agentUTCA_user) $(eval echo \$${subsystemId}_agentUTCA_fullName) $(eval echo \$${subsystemId}_agentUTCA_password) $(eval echo \$${subsystemId}_auditV_user) $(eval echo \$${subsystemId}_auditV_fullName) $(eval echo 
\$${subsystemId}_auditV_password) $(eval echo \$${subsystemId}_operatorV_user) $(eval echo \$${subsystemId}_operatorV_fullName) $(eval echo \$${subsystemId}_operatorV_password)) fi 
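Review bot: The TPS `user=(...)` line now holds thirty unquoted `$(eval echo \$${subsystemId}_…)` substitutions on a single line, which makes the added officerV triple hard to review, and any value that is empty or contains whitespace would shift every later element. Presumably the array is read in groups of three (user, full name, password); the code that consumes it is outside this hunk. Building the array from a role list with indirect expansion removes the `eval` subshells and keeps exactly one element per field. Quoting keeps an empty value as an empty element instead of dropping it, so confirm that against the consumer before adopting it.

```shell
if [ $SUBSYSTEM_TYPE = "tps" ] ; then
        user=()
        for role in adminV adminR adminE adminUTCA agentV agentR agentE agentUTCA operatorV officerV; do
                for field in user fullName password; do
                        ref="${subsystemId}_${role}_${field}"
                        user+=("${!ref}")
                done
        done
# … unchanged: else branch with the auditV/operatorV list …
```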
@@ -214,30 +220,45 @@ fi "Add user $userid to $operator_group_name group" rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" + elif [ $userid == $(eval echo \$${subsystemId}_officerV_user) ]; then + rlRun "pki -d $CERTDB_DIR \ + -n \"$admin_cert_nickname\" \ + -c $CERTDB_DIR_PASSWORD \ + -h $SUBSYSTEM_HOST \ + -t $SUBSYSTEM_TYPE \ + -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + group-member-add \"TPS Officers\" $userid > $TmpDir/pki-user-add-${subsystemId}-group001$i.out" \ + 0 \ + "Add user $userid to \"TPS Officers\" group" + rlAssertGrep "Added group member \"$userid\"" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" + rlAssertGrep "User: $userid" "$TmpDir/pki-user-add-${subsystemId}-group001$i.out" fi #================# - if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then + if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ] || [ $userid = $(eval echo \$${subsystemId}_officerV_user) ]; then if [ "$MYROLE" = "MASTER" ]; then get_topo_stack $MYROLE $TmpDir/topo_file if [ $subsystemId = 
"SUBCA1" ]; then - MYCAHOST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) + MYCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2) elif [ $subsystemId = "CLONE_CA1" ]; then - MYCAHOST=$(cat $TmpDir/topo_file | grep MY_CLONE_CA | cut -d= -f2) + MYCA_INST=$(cat $TmpDir/topo_file | grep MY_CLONE_CA | cut -d= -f2) else - MYCAHOST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + MYCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) fi else - MYCAHOST=$MYROLE + MYCA_INST=$MYROLE + local ca_admin=$(eval echo \$${MYCA_INST}_ADMIN_CERT_NICKNAME) fi + # Get CA Admin cert Nickname + local CA_ADMIN=$(eval echo \$${MYCA_INST}_ADMIN_CERT_NICKNAME) #Create a cert and add it to the $userid user rlLog "Admin Certificate is located at: ${subsystemId}_ADMIN_CERT_LOCATION" local temp_file="$CERTDB_DIR/certrequest_001$i.xml" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-request-profile-show caUserCert --output $temp_file" \ 0 \ "Enrollment Template for Profile caUserCert" 
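Review bot: In the `else` branch the added `local ca_admin=$(eval echo \$${MYCA_INST}_ADMIN_CERT_NICKNAME)` is never read in this hunk, because `CA_ADMIN` is assigned unconditionally right after the `fi` and is what the `pki -n` call uses; the lowercase assignment can be dropped. `CA_ADMIN` itself is not checked, so if `${MYCA_INST}_ADMIN_CERT_NICKNAME` is not defined for an instance the CA call runs with an empty `-n` nickname and fails later with a less obvious error; a guard such as `[ -n "$CA_ADMIN" ] || rlFail "No admin cert nickname defined for $MYCA_INST"` directly after the assignment would make that explicit. The new `elif` compares with `==` where the neighbouring tests use `=`, and since the officerV variable is only defined in the TPS block earlier in this patch, the unquoted `[ $userid = $(…) ]` added to the `||` chain becomes a malformed test on other subsystems; quoting both sides avoids that. The enclosing loop and `if` start and end outside the hunk.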
@@ -257,43 +278,43 @@ fi rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_email']/Value\" -v $userid@example.com $temp_file" rlRun "xmlstarlet ed -L -u \"CertEnrollmentRequest/Input/Attribute[@name='requestor_phone']/Value\" -v 123-456-7890 $temp_file" - if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminE_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentE_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ]; then + if [ $userid = $(eval echo \$${subsystemId}_adminV_user) ] || [ $userid = $(eval echo \$${subsystemId}_adminR_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentV_user) ] || [ $userid = $(eval echo \$${subsystemId}_agentR_user) ] || [ $userid = $(eval echo \$${subsystemId}_auditV_user) ] || [ $userid = $(eval echo \$${subsystemId}_operatorV_user) ] || [ $userid = $(eval echo \$${subsystemId}_officerV_user) ]; then #cert-request-submit===== #subsystem can be ca or tps subsystem=ca rlLog "Executing: pki cert-request-submit $temp_file" - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest_$i.out" 0 "Executing pki cert-request-submit" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-submit $temp_file > $CERTDB_DIR/certrequest_$i.out" 0 "Executing pki cert-request-submit" rlAssertGrep "Submitted certificate request" "$CERTDB_DIR/certrequest_$i.out" rlAssertGrep "Request ID:" "$CERTDB_DIR/certrequest_$i.out" rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequest_$i.out" rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest_$i.out" local request_id=`cat 
$CERTDB_DIR/certrequest_$i.out | grep "Request ID:" | awk '{print $3}'` rlLog "Request ID=$request_id" - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001$i.out" 0 "Executing pki cert-request-show $request_id" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001$i.out" 0 "Executing pki cert-request-show $request_id" rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001$i.out" rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001$i.out" rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001$i.out" rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001$i.out" #Agent Approve the certificate after reviewing the cert for the user rlLog "Executing: pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-request-review $request_id --action=approve" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-request-review $request_id --action=approve > $CERTDB_DIR/certapprove_001$i.out" \ 0 \ "CA agent approve the cert" rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001$i.out" - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001$i.out" 0 "Executing pki cert-request-show $request_id" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > 
$CERTDB_DIR/certrequestapprovedshow_001$i.out" 0 "Executing pki cert-request-show $request_id" rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001$i.out" rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestapprovedshow_001$i.out" rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001$i.out" @@ -302,7 +323,7 @@ fi rlLog "Cerificate Serial Number=$certificate_serial_number" #Verify the certificate is valid - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001$i.out" rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001$i.out" @@ -346,19 +367,19 @@ fi rlRun "cat $profile_file" rlRun "sleep 30" rlLog "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-request-submit $temp_file > $CERTDB_DIR/certrequest_$i.out" rlRun "pki -d $CERTDB_DIR \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-request-submit $temp_file > $CERTDB_DIR/certrequest_$i.out" \ 0 \ "Certificate request submit" 
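Review bot: The `rlLog "Executing: pki -d $CERTDB_DIR ... -c $CERTDB_DIR_PASSWORD ..."` statement edited in the `@@ -257,43 +278,43 @@` hunk expands the NSS database password into the test log, where it stays readable after the run. Since the statement is being touched anyway, print the variable name rather than its value by escaping the dollar sign in the logged string: `-c \$CERTDB_DIR_PASSWORD \`. The same pattern appears in the `rlLog` statements of the `@@ -346,19 +367,19 @@`, `@@ -426,11 +447,11 @@` and `@@ -457,18 +478,18 @@` hunks.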
@@ -369,23 +390,23 @@ fi rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequest_$i.out" local request_id=`cat $CERTDB_DIR/certrequest_$i.out | grep "Request ID:" | awk '{print $3}'` rlLog "Request ID=$request_id" - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001$i.out" 0 "Executing pki cert-request-show $request_id" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestshow_001$i.out" 0 "Executing pki cert-request-show $request_id" rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestshow_001$i.out" rlAssertGrep "Type: enrollment" "$CERTDB_DIR/certrequestshow_001$i.out" rlAssertGrep "Status: pending" "$CERTDB_DIR/certrequestshow_001$i.out" rlAssertGrep "Operation Result: success" "$CERTDB_DIR/certrequestshow_001$i.out" rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-request-review --action=approve $request_id > $CERTDB_DIR/certapprove_001$i.out" \ 0 \ "CA agent approve the cert" rlLog "cat $CERTDB_DIR/certapprove_001$i.out" rlAssertGrep "Approved certificate request $request_id" "$CERTDB_DIR/certapprove_001$i.out" - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001$i.out" 0 "Executing pki cert-request-show $request_id" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-request-show $request_id > $CERTDB_DIR/certrequestapprovedshow_001$i.out" 0 "Executing pki cert-request-show $request_id" rlAssertGrep "Request ID: $request_id" "$CERTDB_DIR/certrequestapprovedshow_001$i.out" rlAssertGrep "Type: enrollment" 
"$CERTDB_DIR/certrequestapprovedshow_001$i.out" rlAssertGrep "Status: complete" "$CERTDB_DIR/certrequestapprovedshow_001$i.out" @@ -393,7 +414,7 @@ fi local certificate_serial_number=`cat $CERTDB_DIR/certrequestapprovedshow_001$i.out | grep "Certificate ID:" | awk '{print $3}'` rlLog "Cerificate Serial Number=$certificate_serial_number" #Verify the certificate is expired - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_001$i.out" rlAssertGrep "Status: VALID" "$CERTDB_DIR/certificate_show_001$i.out" rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $CERTDB_DIR/certificate_show_001$i.out > $CERTDB_DIR/validcert_001$i.pem" 
@@ -415,7 +436,7 @@ fi rlRun "date --set='next day'" 0 "Set System date a day ahead" rlRun "date" rlRun "sleep 30" - rlRun "pki -p $(eval echo \$${MYCAHOST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_exp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" + rlRun "pki -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) -h $SUBSYSTEM_HOST ${subsystem}-cert-show $certificate_serial_number --encoded > $CERTDB_DIR/certificate_show_exp_001$i.out" 0 "Executing pki cert-show $certificate_serial_number" rlAssertGrep "Subject: UID=$userid,E=$userid@example.com,CN=$userfullName,OU=Engineering,O=Example,C=US" "$CERTDB_DIR/certificate_show_exp_001$i.out" rlAssertGrep "Status: EXPIRED" "$CERTDB_DIR/certificate_show_exp_001$i.out" rlRun "date --set='2 days ago'" 0 "Set System back to the present day" @@ -426,11 +447,11 @@ fi if [ $userid == $(eval echo \$${subsystemId}_adminUTCA_user) ]; then rlRun "certutil -d $UNTRUSTED_CERT_DB_LOCATION -A -n role_user_UTCA -i /opt/rhqa_pki/dummycert1.pem -t ",,"" rlLog "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ user-cert-add $userid --input /opt/rhqa_pki/dummycert1.pem" rlRun "pki -d $CERTDB_DIR/ \ 
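Review bot: In the `@@ -426,11 +447,11 @@` hunk the updated `rlLog` describes `user-cert-add $userid` being sent to the CA (`-n "$CA_ADMIN"`, `-t ca`, `${MYCA_INST}_UNSECURE_PORT`), although `$userid` looks like a user of the subsystem under test. The first hunk of this file manages the same users with `-n "$admin_cert_nickname" -t $SUBSYSTEM_TYPE -p ${subsystemId}_UNSECURE_PORT`. The `rlRun` that performs the call starts on the hunk's last line and continues outside it, so it cannot be seen whether it was changed the same way. If it still targets the subsystem, the log no longer matches the command; if it was changed too, the untrusted-CA certificate is presumably added on the wrong instance whenever the subsystem is not the CA. Worth confirming that both statements use the subsystem's admin nickname, type and port.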
@@ -457,18 +478,18 @@ fi elif [ $userid == $(eval echo \$${subsystemId}_adminR_user) -o $userid == $(eval echo \$${subsystemId}_agentR_user) ] ;then rlLog "$userid" rlLog "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-revoke $certificate_serial_number --force --reason = Unspecified > $CERTDB_DIR/revokecert__001$i.out" rlRun "pki -d $CERTDB_DIR/ \ - -n \"$admin_cert_nickname\" \ + -n \"$CA_ADMIN\" \ -c $CERTDB_DIR_PASSWORD \ -h $SUBSYSTEM_HOST \ -t ca \ - -p $(eval echo \$${subsystemId}_UNSECURE_PORT) \ + -p $(eval echo \$${MYCA_INST}_UNSECURE_PORT) \ cert-revoke $certificate_serial_number --force --reason=Unspecified > $CERTDB_DIR/revokecert__001$i.out" \ 0 \ "Certificate of user $userid is revoked" diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-add.sh new file mode 100755 index 000000000..a6691445e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-add.sh 
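Review bot: The `rlLog` for the revocation in the `@@ -457,18 +478,18 @@` hunk prints `--reason = Unspecified`, while the `rlRun` below it executes `--reason=Unspecified`. The logged command is therefore not the one that ran, and it would not parse the same way if copied from the log to reproduce a failure. Both statements are edited by this hunk, so the log line can be aligned at the same time: `cert-revoke $certificate_serial_number --force --reason=Unspecified > $CERTDB_DIR/revokecert__001$i.out"`.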
@@ -0,0 +1,600 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli +# Description: PKI tks-group-add CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tks-group-cli-tks-group-add Add group to pki subsystems. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +#create-role-users.sh should be first executed prior to pki-tks-group-cli-tks-group-add.sh +######################################################################## + +######################################################################## +# Test Suite Globals +######################################################################## +run_pki-tks-group-cli-tks-group-add_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_tks_group_cli_tks_group_add-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local 
TEMP_NSS_DB_PASSWD="redhat123" + + #### pki tks-group configuration test #### + + rlPhaseStartTest "pki_tks_group_cli-configtest: pki tks-group --help configuration test" + rlRun "pki tks-group --help > $TmpDir/pki_tks_group_cfg.out 2>&1" \ + 0 \ + "pki tks-group --help" + rlAssertGrep "tks-group-find Find groups" "$TmpDir/pki_tks_group_cfg.out" + rlAssertGrep "tks-group-show Show group" "$TmpDir/pki_tks_group_cfg.out" + rlAssertGrep "tks-group-add Add group" "$TmpDir/pki_tks_group_cfg.out" + rlAssertGrep "tks-group-mod Modify group" "$TmpDir/pki_tks_group_cfg.out" + rlAssertGrep "tks-group-del Remove group" "$TmpDir/pki_tks_group_cfg.out" + rlAssertGrep "tks-group-member Group member management commands" "$TmpDir/pki_tks_group_cfg.out" + rlAssertNotGrep "Error: Invalid module \"tks-group---help\"." "$TmpDir/pki_tks_group_cfg.out" + rlPhaseEnd + + #### pki tks-group-add configuration test #### + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-configtest: pki tks-group-add configuration test" + rlRun "pki tks-group-add --help > $TmpDir/pki_tks_group_add_cfg.out 2>&1" \ + 0 \ + "pki tks-group-add --help" + rlAssertGrep "usage: tks-group-add \[OPTIONS...\]" "$TmpDir/pki_tks_group_add_cfg.out" + rlAssertGrep "\--description Description" "$TmpDir/pki_tks_group_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_add_cfg.out" + rlPhaseEnd + + ##### Tests to add TKS groups using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-001: Add a group to TKS using TKS_adminV" + group1=new_group1 + group_desc1="New Group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"$group_desc1\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add 
--description=\"$group_desc1\" $group1 > $TmpDir/pki-tks-group-add-001.out" \ + 0 \ + "Add group $group1 to TKS" + rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-tks-group-add-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-add-001.out" + rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-tks-group-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-002:maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-tks-group-add-001_1.out" \ + 0 \ + "Added group using TKS_adminV with maximum group id length" + actual_groupid_string=`cat $TmpDir/pki-tks-group-add-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: Test Group" "$TmpDir/pki-tks-group-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-003:Group id with # character" + group3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description test $group3 > $TmpDir/pki-tks-group-add-001_2.out" \ + 0 \ + "Added group using TKS_adminV, group id with # character" + rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-tks-group-add-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tks-group-add-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-004:Group id with $ character" + group4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ 
+ -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test $group4 > $TmpDir/pki-tks-group-add-001_3.out" \ + 0 \ + "Added group using TKS_adminV, group id with $ character" + rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-tks-group-add-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tks-group-add-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-005:Group id with @ character" + group5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test $group5 > $TmpDir/pki-tks-group-add-001_4.out " \ + 0 \ + "Added group using TKS_adminV, group id with @ character" + rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-tks-group-add-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tks-group-add-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-006:Group id with ? character" + group6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test $group6 > $TmpDir/pki-tks-group-add-001_5.out " \ + 0 \ + "Added group using TKS_adminV, group id with ? 
character" + rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-tks-group-add-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tks-group-add-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-007:Group id as 0" + group7=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test $group7 > $TmpDir/pki-tks-group-add-001_6.out " \ + 0 \ + "Added group using TKS_adminV, group id 0" + rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-tks-group-add-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tks-group-add-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-008:--description with maximum length" + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-tks-group-add-001_7.out" \ + 0 \ + "Added group using TKS_adminV with maximum --description length" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tks-group-add-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-add-001_7.out" + rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-tks-group-add-001_7.out" + actual_desc_string=`cat $TmpDir/pki-tks-group-add-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-009:--desccription with maximum length and symbols" + rand_groupdesc=$(openssl rand -base64 2048 | 
perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='$groupdesc' g2 > $TmpDir/pki-tks-group-add-001_8.out" \ + 0 \ + "Added group using TKS_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tks-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-tks-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-010: Add a duplicate group to CA" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-011: Add a group to TKS with -t option" + desc="Test Group" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-group-add --description=\"$desc\" g3" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-group-add --description=\"$desc\" g3 > $TmpDir/pki-tks-group-add-0011.out" \ + 0 \ + "Add group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tks-group-add-0011.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-add-0011.out" + rlAssertGrep "Description: $desc" "$TmpDir/pki-tks-group-add-0011.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-012: Add a group -- missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$group1'" + errmsg="Error: No Group ID specified." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-013: Add a group -- missing required option --description" + rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add g7" + rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add g7 > $TmpDir/pki-tks-group-add-0013.out" 0 "Successfully added group without description option" + rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-tks-group-add-0013.out" + rlAssertGrep "Group ID: g7" "$TmpDir/pki-tks-group-add-0013.out" + rlPhaseEnd + + + ##### Tests to add groups using revoked cert##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-014: Should not be able to add group using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-015: Should not be able to add group using a agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked 
agent cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + + ##### Tests to add groups using an agent user##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-016: Should not be able to add group using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert TKS_agentV" + rlPhaseEnd + + + ##### Tests to add groups using expired cert##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-017: Should not be able to add group using admin user with expired cert TKS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert TKS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-018: Should not be able to add group using TKS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p 
$TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert TKS_agentE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to add groups using audit users##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-019: Should not be able to add group using a TKS_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid auditor cert TKS_auditorV" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + ##### Tests to add groups using operator user### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-020: Should not be able to add group using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description='$desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TKS_operatorV" + rlPhaseEnd + + + ##### Tests to add groups using TKS_adminUTCA and TKS_agentUTCA user's certificate will be issued by an untrusted CA user##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-021: Should not be able to add group using a cert created from a untrusted CA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT 
tks-group-add --description='$desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TKS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-022: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-add --description=test '$group_length_exceed_max'" + errmsg="ClientResponseFailure: ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-023: description with i18n characters" + rlLog "tks-group-add description Örjan Äke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Örjan Äke' g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Örjan Äke' g4 > $TmpDir/pki-tks-group-add-001_51.out 2>&1" \ + 0 \ + "Adding g4 with description Örjan Äke" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tks-group-add-001_51.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-add-001_51.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tks-group-add-001_51.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-024: description with i18n characters" + rlLog "tks-group-add description Éric Têko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Éric Têko' g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Éric Têko' g5 > $TmpDir/pki-tks-group-add-001_52.out 2>&1" \ + 0 \ + "Adding g5 with description Éric Têko" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tks-group-add-001_52.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-add-001_52.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tks-group-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-025: description with i18n characters" + rlLog "tks-group-add description éénentwintig dvidešimt with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='éénentwintig dvidešimt' g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-tks-group-add-001_53.out 2>&1" \ + 0 \ + "Adding description éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-tks-group-add-001_53.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tks-group-add-001_53.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-tks-group-add-001_53.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g6 > $TmpDir/pki-tks-group-add-001_53_2.out 2>&1" \ + 0 \ + "Show group g6 with description 
éénentwintig dvidešimt in i18n characters" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tks-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tks-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tks-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-tks-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tks-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_add-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÉricTêko' > $TmpDir/pki-tks-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-tks-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tks-group-add-001_57.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_tks_group_cli_tks_group_cleanup: Deleting groups" + + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ 
+ tks-group-del g$i > $TmpDir/pki-tks-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tks-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TKS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del '$grp' > $TmpDir/pki-tks-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-tks-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-tks-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-tks-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÖrjanÄke' > $TmpDir/pki-tks-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-tks-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÉricTêko' > $TmpDir/pki-tks-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-tks-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tks-group-add cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 
"Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-del.sh new file mode 100755 index 000000000..027e6a927 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-del.sh 
@@ -0,0 +1,634 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli +# Description: PKI tks-group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tks-group-cli-tks-group-del Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-tks-group-cli-tks-group-del_tests(){ + + rlPhaseStartSetup "pki_tks_group_cli_tks_group_del-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-configtest-001: pki tks-group-del --help configuration test" + rlRun "pki tks-group-del --help > 
$TmpDir/tks_group_del.out 2>&1" 0 "pki tks-group-del --help" + rlAssertGrep "usage: tks-group-del " "$TmpDir/tks_group_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/tks_group_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-configtest-002: pki tks-group-del configuration test" + rlRun "pki tks-group-del > $TmpDir/tks_group_del_2.out 2>&1" 255 "pki tks-group-del" + rlAssertGrep "usage: tks-group-del " "$TmpDir/tks_group_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/tks_group_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/tks_group_del_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-003: Delete valid groups" + group1=tks_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to TKS using TKS_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g$i > $TmpDir/pki-tks-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tks-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to TKS using TKS_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using TKS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del $grp > $TmpDir/pki-tks-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-tks-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-004: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del GROUP_ABC > $TmpDir/pki-tks-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted 
group \"GROUP_ABC\"" "$TmpDir/pki-tks-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-005: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-006: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test \"$group2\" > $TmpDir/pki-tks-group-add-001_1.out" \ + 0 \ + "Added group using TKS_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del \"$group2\" > $TmpDir/pki-tks-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using TKS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tks-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n 
$(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-007: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test '$groupid' > $TmpDir/pki-tks-group-add-001_8.out" \ + 0 \ + "Added group using TKS_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del '$groupid' > $TmpDir/pki-tks-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using TKS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tks-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show '$groupid' > $TmpDir/pki-tks-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-tks-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + 
expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-008: Delete group from TKS with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-group-add --description=\"g1description\" g1 > $TmpDir/pki-tks-group-add-009.out" \ + 0 \ + "Add group g1 to TKS" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + group-del g1 > $TmpDir/pki-tks-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t tks option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-tks-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-009: Should not be able to delete group using a revoked cert TKS_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-tks-010.out" \ + 0 \ + "Add group g2 to TKS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g2 > $TmpDir/pki-tks-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tks-group-show-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tks-group-show-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-010: Should not be able to delete group using a agent with revoked cert TKS_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-tks-010.out" \ + 0 \ + "Add group g3 to TKS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-tks-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tks-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-show-002.out" + rlAssertGrep "Description: 
g3description" "$TmpDir/pki-tks-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-011: Should not be able to delete group using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-tks-group-show-003.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tks-group-show-003.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-show-003.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tks-group-show-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-012: Should not be able to delete group using a admin user with expired cert TKS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + 
#Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-004.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-004.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-004.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-013: Should not be able to delete a group using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-005.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-005.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-005.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-014: Should not be able to delete group using a TKS_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + 
rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a audit cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-006.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-015: Should not be able to delete group using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-016: Should not be able to delete group using a cert created from a untrusted CA TKS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-017: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_del_encoded_0025pkcs10.out > $TmpDir/pki_tks_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i 
$TmpDir/pki_tks_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g3 > $TmpDir/pki-tks-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g3 > $TmpDir/pki-group-show-tks-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tks-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tks-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tks-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g3 > $TmpDir/pki-group-del-tks-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-018: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-tks-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-tks-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-tks-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_del-019: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-tks-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-tks-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tks-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show 'ÉricTêko' > $TmpDir/pki-group-add-tks-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-tks-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tks-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÉricTêko' > 
$TmpDir/pki-group-del-tks-001_20_3.out 2>&1" \
+ 0 \
+ "Delete gid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tks-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show 'ÉricTêko'"
+ errmsg="GroupNotFoundException: Group ÉricTêko not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_del_cleanup-004: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-del cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-find.sh
new file mode 100755
index 000000000..cccb2bb9f
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-find.sh
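Review bot: Test pki_tks_group_cli_tks_group_del-013 in pki-tks-group-cli-tks-group-del.sh cannot tell an expired-certificate rejection from an ordinary role denial: it expects `ForbiddenException: Authorization Error` for TKS_agentE, which is the same message test -011 expects for the valid agent TKS_agentV. The case would therefore still pass if the server ignored the certificate's expiry date, so only -012 (TKS_adminE, a role that may otherwise delete groups) exercises expiry in this file. I would record that above the `command=` line of -013 with a comment such as `# agentV is refused with the same message (-011); this case alone does not show that expiry is enforced`. Whether an expired certificate should produce a different error is presumably what the referenced ticket 962 tracks; the hunk does not say.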
@@ -0,0 +1,634 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli +# Description: PKI tks-group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tks-group-cli-tks-group-find To list groups in TKS. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-tks-group-cli-tks-group-find_tests(){ + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_tks_group_cli_tks_group_add-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +get_topo_stack $MYROLE $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ]; then +TKS_HOST=$(eval echo \$${MYROLE}) +TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_tks_group_cli_tks_group_find-startup: Create temporary directory and add groups" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ 
+ -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-configtest-001: pki tks-group-find --help configuration test" + rlRun "pki tks-group-find --help > $TmpDir/tks_group_find.out 2>&1" 0 "pki tks-group-find --help" + rlAssertGrep "usage: tks-group-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/tks_group_find.out" + rlAssertGrep "\--size Page size" "$TmpDir/tks_group_find.out" + rlAssertGrep "\--start Page start" "$TmpDir/tks_group_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/tks_group_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-configtest-002: pki tks-group-find configuration test" + command="pki tks-group-find" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-group-find" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=5 > $TmpDir/pki-tks-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=0 > $TmpDir/pki-tks-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-005: Find 
all groups, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=$large_num > $TmpDir/pki-tks-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-tks-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + rlLog "$randhex" + randhex_covup=${randhex^^} + rlLog "$randhex_covup" + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + #maximum_check=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog "$maximum_check" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=$maximum_check > $TmpDir/pki-tks-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-tks-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-007: Find all groups, --size more than maximum possible value" + 
randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find > $TmpDir/pki-tks-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in TKS" + group_entry_10=`cat $TmpDir/pki-tks-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=10 > $TmpDir/pki-tks-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-tks-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-group-find-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=10000 > $TmpDir/pki-tks-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-008.out" + rlPhaseEnd 
+ + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-013: Find groups, --start with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=$maximum_check > $TmpDir/pki-tks-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=0 > $TmpDir/pki-tks-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-group-find-009.out" + rlPhaseEnd + + 
rlPhaseStartTest "pki_tks_group_cli_tks_group_find-016: Find groups, --start=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find > $TmpDir/pki-tks-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in TKS" + group_entry_12=`cat $TmpDir/pki-tks-group-find-00_13_1.out | grep "Group ID" | head 
-13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=12 --size=12 > $TmpDir/pki-tks-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-tks-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tks-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find > $TmpDir/pki-tks-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in TKS" + group_entry_12=`cat $TmpDir/pki-tks-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=12 --size=0 > $TmpDir/pki-tks-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-021: Should not be able to find group using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-022: Should not be able to find groups using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-023: Should not be able to find groups using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-024: Should not be able to find groups using admin user with expired cert TKS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-025: Should not be able to find groups using TKS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-026: Should not be able to find groups using a TKS_auditV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid auditor cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-027: Should not be able to find groups using a TKS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error 
message - Should not be able to find groups using a valid operator cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-028: Should not be able to find groups using a cert created from a untrusted CA TKS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using TKS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_find_encoded_0029pkcs10.out > $TmpDir/pki_tks_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i 
$TmpDir/pki_tks_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --start=1 --size=5 > $TmpDir/pki-tks-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-find-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-tks-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=1000 > $TmpDir/pki-tks-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tks-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tks-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p 
$TKS_PORT \ + tks-group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-tks-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find --size=1000 > $TmpDir/pki-tks-group-show-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tks-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tks-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-find Administrator > $TmpDir/pki-tks-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tks-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_find-033: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-find CA" + errmsg="BadRequestException: Filter is too short." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tks-group-find should fail if the filter has less than 3 characters" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_group_cleanup-001: Deleting groups" + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g$i > $TmpDir/pki-group-del-tks-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tks-group-00$i.out" + let i=$i+1 + done + + #===Deleting i18n groups created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÉricTêko' > $TmpDir/pki-group-del-tks-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tks-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tks-group-find cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} 
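Review bot: In test pki_tks_group_cli_tks_group_find-028 (the untrusted-CA certificate case) the expected exit code is assigned to a misspelt variable, `errocode=255`, so the `verifyErrorMsg` call that follows passes whatever `errorcode` an earlier phase left behind. That value is 255 only because test 027 sets it, so the check that a certificate issued by an untrusted CA is rejected depends on test order rather than on its own expectation; the line should read `errorcode=255`. Separately, tests 007 and 009 build `errmsg` as `For input string: $maximum_check` and `For input string: $size_noninteger` without the escaped quotes that tests 014 and 017 put around the value. If `verifyErrorMsg` matches the message literally (its definition is not in this hunk), those two should use `\"$maximum_check\"` and `\"$size_noninteger\"` as well.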
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-add.sh new file mode 100755 index 000000000..9e304a64d --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-add.sh 
@@ -0,0 +1,1067 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli
+# Description: PKI tks-group-cli-tks-group-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-group-cli-tks-group-member-add Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-group-cli-tks-group-member-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-tks-group-cli-tks-group-member-add_tests(){
+ rlPhaseStartSetup "pki_tks_group_cli_tks_group_membership-add-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV +groupid1="Token Key Service Manager Agents" + groupid2="Subsystem Group" + groupid3="Trusted Managers" + groupid4="Administrators" + groupid5="Auditors" + groupid6="ClonedSubsystems" + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-002: pki tks-group-member configuration test" + rlRun "pki tks-group-member > $TmpDir/pki_tks_group_member_cfg.out 2>&1" \ + 0 \ + "pki tks-group-member" + rlAssertGrep "Commands:" "$TmpDir/pki_tks_group_member_cfg.out" + rlAssertGrep "tks-group-member-find Find group members" "$TmpDir/pki_tks_group_member_cfg.out" + rlAssertGrep "tks-group-member-add Add group member" "$TmpDir/pki_tks_group_member_cfg.out" + rlAssertGrep "tks-group-member-del Remove group member" "$TmpDir/pki_tks_group_member_cfg.out" + rlAssertGrep "tks-group-member-show Show group member" "$TmpDir/pki_tks_group_member_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-003: pki tks-group-member-add --help configuration test" + rlRun "pki tks-group-member-add --help > $TmpDir/pki_tks_group_member_add_cfg.out 2>&1" \ + 0 \ + "pki tks-group-member-add --help" + rlAssertGrep "usage: tks-group-member-add \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_add_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-004: pki tks-group-member-add configuration test" + rlRun "pki tks-group-member-add > $TmpDir/pki_tks_group_member_add_2_cfg.out 2>&1" \ + 255 \ + "pki tks-group-member-add" + rlAssertGrep "Error: Incorrect number of arguments specified." 
"$TmpDir/pki_tks_group_member_add_2_cfg.out" + rlAssertGrep "usage: tks-group-member-add \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_add_2_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_add_2_cfg.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-005: Add users to available groups using valid admin user TKS_adminV" + i=1 + while [ $i -lt 7 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameu$i\" u$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-group-member-add-group-add-00$i.out" \ + 0 \ + "Adding user u$i" + rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-group-member-add-group-add-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-add-group-add-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-add-group-add-00$i.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-show u$i > $TmpDir/pki-tks-group-member-add-group-show-00$i.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tks-group-member-add-group-show-00$i.out" + rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-add-group-show-00$i.out" + rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-add-group-show-00$i.out" + rlLog "Adding the user to a group" + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$gid\" u$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$gid\" u$i > $TmpDir/pki-tks-group-member-add-groupadd-00$i.out" \ + 0 \ + "Adding user u$i to group \"$gid\"" + rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tks-group-member-add-groupadd-00$i.out" + rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-add-groupadd-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-add-groupadd-find-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-add-groupadd-find-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-006: Add a user to all available groups using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-group-member-add-user-add-userall-001.out" \ + 0 \ + "Adding user userall" + rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-group-member-add-user-add-userall-001.out" + rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-add-user-add-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-add-user-add-userall-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-show userall > $TmpDir/pki-tks-group-member-add-user-show-userall-001.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"userall\"" "$TmpDir/pki-tks-group-member-add-user-show-userall-001.out" + rlAssertGrep "User ID: userall" 
"$TmpDir/pki-tks-group-member-add-user-show-userall-001.out" + rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-add-user-show-userall-001.out" + rlLog "Adding the user to all the groups" + i=1 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$gid\" userall" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$gid\" userall > $TmpDir/pki-tks-group-member-add-groupadd-userall-00$i.out" \ + 0 \ + "Adding user userall to group \"$gid\"" + rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tks-group-member-add-groupadd-userall-00$i.out" + rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-add-groupadd-userall-00$i.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-add-groupadd-find-userall-00$i.out" \ + 0 \ + "User added to group \"$gid\"" + rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-add-groupadd-find-userall-00$i.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-007: Add a user to same group multiple times" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tks-group-member-add-user-add-user1-001.out" \ + 0 \ + "Adding user user1" + rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tks-group-member-add-user-add-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-group-member-add-user-add-user1-001.out" + rlAssertGrep "Full 
name: fullName_user1" "$TmpDir/pki-tks-group-member-add-user-add-user1-001.out" + rlLog "Showing the user" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-show user1 > $TmpDir/pki-tks-group-member-add-user-show-user1-001.out" \ + 0 \ + "Show pki TKS_adminV user" + rlAssertGrep "User \"user1\"" "$TmpDir/pki-tks-group-member-add-user-show-user1-001.out" + rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-group-member-add-user-show-user1-001.out" + rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tks-group-member-add-user-show-user1-001.out" + rlLog "Adding the user to the same groups twice" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"Administrators\" user1 > $TmpDir/pki-tks-group-member-add-groupadd-user1-001.out" \ + 0 \ + "Adding user user1 to group \"Administrators\"" + rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tks-group-member-add-groupadd-user1-001.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" user1" + errmsg="ConflictingOperationException: Attribute or value exists." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-008: should not be able to add user to a non existing group" + dummy_group="nonexisting_bogus_group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tks-group-member-add-user-add-user1-008.out" \ + 0 \ + "Adding user testuser1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"$dummy_group\" testuser1" + errmsg="GroupNotFoundException: Group $dummy_group not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-009: Should be able to tks-group-member-add groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=u14 u14" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName='u14' u14" \ + 0 \ + "Adding uid u14" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-group-member-add-groupadd-010_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group 
\"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-group-member-add-groupadd-010_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-group-member-add-groupadd-010_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-group-member-add-groupadd-010_1.out" + rlLog "Adding the user to the dadministʁasjɔ̃ group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-tks-group-member-add-groupadd-010_2.out" \ + 0 \ + "Adding user u14 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-tks-group-member-add-groupadd-010_2.out" + rlAssertGrep "User: u14" "$TmpDir/pki-tks-group-member-add-groupadd-010_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tks-group-member-add-groupadd-find-010_3.out" \ + 0 \ + "Check user u14 added to group dadministʁasjɔ̃" + rlAssertGrep "User: u14" "$TmpDir/pki-tks-group-member-add-groupadd-find-010_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-010: Should not be able to tks-group-member-add using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-011: Should not be 
able to tks-group-member-add using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"$groupid7\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using an agent with revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-012: Should not be able to tks-group-member-add using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using admin user with expired cert TKS_adminE" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-013: Should not be able to tks-group-member-add using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using TKS_agentE cert" + rlLog "PKI Ticket:: 
https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-014: Should not be able to tks-group-member-add using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using TKS_auditV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-015: Should not be able to tks-group-member-add using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using TKS_operatorV cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-016: Should not be able to tks-group-member-add using TKS_adminUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using TKS_adminUTCA cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-017: Should not be able to tks-group-member-add using TKS_agentUTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + 
errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using TKS_agentUTCA cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + #Usability tests + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-018: User associated with Administrators group only can create a new user" + i=2 + while [ $i -lt 7 ] ; do + eval gid=\$groupid$i + if [ "$gid" = "Administrators" ] ; then + rlLog "Not adding testuser1 to $gid group" + else + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$gid\" testuser1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$gid\" testuser1 > $TmpDir/pki-tks-group-member-add-groupadd-testuser1-00$i.out" \ + 0 \ + "Adding user testuser1 to group \"$gid\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tks-group-member-add-groupadd-testuser1-00$i.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tks-group-member-add-groupadd-testuser1-00$i.out" + fi + let i=$i+1 + done + + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + 
rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\"" + rlRun "pki -d $CERTDB_DIR/ \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-cert-add testuser1 --input $TmpDir/pki_tks_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \ + 0 \ + "Cert is added to the user testuser1" + command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT tks-user-add --fullName=test_user u39" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "tks-user-add operation should fail when authenticating using a user cert" + + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + + #Add testuser1 to Administrators group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-tks-group-member-add-groupadd-usertest1-019_2.out 2>&1" \ + 0 \ + "Adding user testuser1 to group \"$groupid4\"" + rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tks-group-member-add-groupadd-usertest1-019_2.out" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tks-group-member-add-groupadd-usertest1-019_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find $groupid4 > $TmpDir/pki-tks-group-member-add-groupadd-find-usertest1-019_3.out" \ + 0 \ + "Check group-member for user testuser1" + rlAssertGrep "User: testuser1" "$TmpDir/pki-tks-group-member-add-groupadd-find-usertest1-019_3.out" + + #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group + rlRun "pki -d $TEMP_NSS_DB \ + -n testuser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=test_user us19 > $TmpDir/pki-tks-user-add-019_4.out" \ + 0 \ + "Added new user using Admin user testuser1" + rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-tks-user-add-019_4.out" + rlAssertGrep "User ID: us19" "$TmpDir/pki-tks-user-add-019_4.out" + rlAssertGrep "Full name: test_user" "$TmpDir/pki-tks-user-add-019_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-019: Should not be able to tks-group-member-add using TKS_agentV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"Administrators\" testuser1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-add using TKS_agentV cert" + rlPhaseEnd + + #Usability test + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-020: Should not be able to add a non existing user to a group" + user="non-existing-user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-add \"$groupid6\" $user" + errmsg="UserNotFoundException: User $user not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does not exist" + 
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-021: Add a group and add a user to the group using valid admin user TKS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g1description\" g1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g1description\" g1 > $TmpDir/pki-tks-group-member-add-group-add-022.out" \ + 0 \ + "Adding group g1" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tks-group-member-add-group-add-022.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-member-add-group-add-022.out" + rlAssertGrep "Description: g1description" "$TmpDir/pki-tks-group-member-add-group-add-022.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameu9\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-tks-group-member-add-user-add-022.out" \ + 0 \ + "Adding user u9" + rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tks-group-member-add-user-add-022.out" + rlAssertGrep "User ID: u9" "$TmpDir/pki-tks-group-member-add-user-add-022.out" + rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-tks-group-member-add-user-add-022.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add g1 u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p 
$TKS_PORT \ + tks-group-member-add g1 u9 > $TmpDir/pki-tks-group-member-add-groupadd-022.out" \ + 0 \ + "Adding user u9 to group g1" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tks-group-member-add-groupadd-022.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-add-groupadd-022.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find g1 > $TmpDir/pki-tks-group-member-add-groupadd-find-022.out" \ + 0 \ + "User added to group g1" + rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-add-groupadd-find-022.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-022: Add two group and add a user to the two different group using valid admin user TKS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g2description\" g2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g2description\" g2 > $TmpDir/pki-tks-group-member-add-group-add-023.out" \ + 0 \ + "Adding group g2" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tks-group-member-add-group-add-023.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-member-add-group-add-023.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tks-group-member-add-group-add-023.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g3description\" g3" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"g3description\" g3 > 
$TmpDir/pki-tks-group-member-add-group-add-023_1.out" \ + 0 \ + "Adding group g3" + rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tks-group-member-add-group-add-023_1.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-member-add-group-add-023_1.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tks-group-member-add-group-add-023_1.out" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameu10\" u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-tks-group-member-add-user-add-023.out" \ + 0 \ + "Adding user u10" + rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tks-group-member-add-user-add-023.out" + rlAssertGrep "User ID: u10" "$TmpDir/pki-tks-group-member-add-user-add-023.out" + rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-tks-group-member-add-user-add-023.out" + rlLog "Adding the user u10 to group g2" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add g2 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add g2 u10 > $TmpDir/pki-tks-group-member-add-groupadd-023.out" \ + 0 \ + "Adding user u10 to group g2" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tks-group-member-add-groupadd-023.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-023.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find g2 > 
$TmpDir/pki-tks-group-member-add-groupadd-find-023.out" \
+ 0 \
+ "User added to group g2"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-find-023.out"
+ rlLog "Adding the user u10 to group g3"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add g3 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add g3 u10 > $TmpDir/pki-tks-group-member-add-groupadd-023_1.out" \
+ 0 \
+ "Adding user u10 to group g3"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tks-group-member-add-groupadd-023_1.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-023_1.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find g3 > $TmpDir/pki-tks-group-member-add-groupadd-find-023_1.out" \
+ 0 \
+ "User added to group g3"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-add-groupadd-find-023_1.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-023: Add a group, add a user to the group and delete the group using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"g4description\" gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"g4description\" gr4 > $TmpDir/pki-tks-group-member-add-group-add-024.out" \
+ 0 \
+ "Adding group gr4"
+ rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-tks-group-member-add-group-add-024.out"
+ rlAssertGrep "Group ID: gr4"
"$TmpDir/pki-tks-group-member-add-group-add-024.out"
+ rlAssertGrep "Description: g4description" "$TmpDir/pki-tks-group-member-add-group-add-024.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu11\" u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-tks-group-member-add-user-add-024.out" \
+ 0 \
+ "Adding user u11"
+ rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tks-group-member-add-user-add-024.out"
+ rlAssertGrep "User ID: u11" "$TmpDir/pki-tks-group-member-add-user-add-024.out"
+ rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-tks-group-member-add-user-add-024.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add gr4 u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add gr4 u11 > $TmpDir/pki-tks-group-member-add-groupadd-024.out" \
+ 0 \
+ "Adding user u11 to group gr4"
+ rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-tks-group-member-add-groupadd-024.out"
+ rlAssertGrep "User: u11" "$TmpDir/pki-tks-group-member-add-groupadd-024.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find gr4 > $TmpDir/pki-tks-group-member-add-groupadd-find-024.out" \
+ 0 \
+ "User added to group gr4"
+ rlAssertGrep "User: u11" "$TmpDir/pki-tks-group-member-add-groupadd-find-024.out"
+ #Deleting group gr4
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del gr4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del gr4 > $TmpDir/pki-tks-group-member-add-groupdel-024.out" \
+ 0 \
+ "Deleting group gr4"
+ rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-tks-group-member-add-groupdel-024.out"
+ #Checking for user-membership
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-membership-find u11"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-membership-find u11 > $TmpDir/pki-tks-group-member-add-usermembership-024.out" \
+ 0 \
+ "Checking for user membership of u11"
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-group-member-add-usermembership-024.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-024: Add a group, add a user to the group and modify the group using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"g5description\" g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"g5description\" g4 > $TmpDir/pki-tks-group-member-add-group-add-025.out" \
+ 0 \
+ "Adding group g4"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tks-group-member-add-group-add-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-member-add-group-add-025.out"
+ rlAssertGrep "Description: g5description" "$TmpDir/pki-tks-group-member-add-group-add-025.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu12\" u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tks-group-member-add-user-add-025.out" \
+ 0 \
+ "Adding user u12"
+ rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tks-group-member-add-user-add-025.out"
+ rlAssertGrep "User ID: u12" "$TmpDir/pki-tks-group-member-add-user-add-025.out"
+ rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tks-group-member-add-user-add-025.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add g4 u12"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add g4 u12 > $TmpDir/pki-tks-group-member-add-groupadd-025.out" \
+ 0 \
+ "Adding user u12 to group g4"
+ rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-tks-group-member-add-groupadd-025.out"
+ rlAssertGrep "User: u12" "$TmpDir/pki-tks-group-member-add-groupadd-025.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find g4 > $TmpDir/pki-tks-group-member-add-groupadd-find-025.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u12" "$TmpDir/pki-tks-group-member-add-groupadd-find-025.out"
+ #Modifying group g4
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod g4 --decription=\"Modified group\""
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod g4 --description=\"Modified group\" > $TmpDir/pki-tks-group-member-add-groupmod-025.out" \
+ 0 \
+ "Modifying group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tks-group-member-add-groupmod-025.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-member-add-groupmod-025.out"
+ rlAssertGrep "Description: Modified group" "$TmpDir/pki-tks-group-member-add-groupmod-025.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-025: Add a group, add a user to the group, run tks-user-membership-del on the user and run tks-group-member-find using valid admin user TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"g5description\" g5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"g6description\" g5 > $TmpDir/pki-tks-group-member-add-group-add-026.out" \
+ 0 \
+ "Adding group g5"
+ rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tks-group-member-add-group-add-026.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-member-add-group-add-026.out"
+ rlAssertGrep "Description: g6description" "$TmpDir/pki-tks-group-member-add-group-add-026.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu13\" u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-tks-group-member-add-user-add-026.out" \
+ 0 \
+ "Adding user u13"
+ rlAssertGrep "Added user \"u13\""
"$TmpDir/pki-tks-group-member-add-user-add-026.out"
+ rlAssertGrep "User ID: u13" "$TmpDir/pki-tks-group-member-add-user-add-026.out"
+ rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-tks-group-member-add-user-add-026.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add g5 u13"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add g5 u13 > $TmpDir/pki-tks-group-member-add-groupadd-026.out" \
+ 0 \
+ "Adding user u13 to group g5"
+ rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-tks-group-member-add-groupadd-026.out"
+ rlAssertGrep "User: u13" "$TmpDir/pki-tks-group-member-add-groupadd-026.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find g5 > $TmpDir/pki-tks-group-member-add-groupadd-find-026.out" \
+ 0 \
+ "User added to group g5"
+ rlAssertGrep "User: u13" "$TmpDir/pki-tks-group-member-add-groupadd-find-026.out"
+ #run user-membership-del on u13
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-membership-del u13 g5 > $TmpDir/pki-tks-group-member-add-user-membership-del-026.out" \
+ 0 \
+ "user-membership-del on u13"
+ rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-tks-group-member-add-user-membership-del-026.out"
+ #find group members
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find g5 > $TmpDir/pki-tks-group-member-add-group-member-find-026.out" \
+ 0 \
+ "Find member in group g5"
+ rlAssertGrep
"0 entries matched" "$TmpDir/pki-tks-group-member-add-group-member-find-026.out"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-add-cleanup-001: Deleting the temp directory and users and groups"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u$i > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u$i > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out" \
+ 0 \
+ "Deleting user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del g$i > $TmpDir/pki-user-del-tks-group-member-add-group-del-tks-00$i.out" \
+ 0 \
+ "Deleting group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-tks-group-member-add-group-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del userall > $TmpDir/pki-group-del-tks-group-member-add-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleting user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-tks-group-member-add-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del user1 > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-user1-001.out" \
+ 0 \
+ "Deleting user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del us19 > $TmpDir/pki-user-del-tks-group-member-add-user-del-tks-u13-001.out" \
+ 0 \
+ "Deleting user us19"
+ rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-tks-group-member-add-user-del-tks-u13-001.out"
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 2 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del testuser$i > $TmpDir/pki-group-member-add-tks-user-00$i.out" \
+ 0 \
+ "Deleting user testuser$i"
+ rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-tks-user-00$i.out"
+ let i=$i+1
+ done
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-member-add cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-del.sh
new file mode 100755
index 000000000..fa2c85668
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-del.sh
@@ -0,0 +1,767 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli
+# Description: PKI tks-group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-group-cli-tks-group-member-del.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-tks-group-cli-tks-group-member-del_tests(){
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+ #Available groups tks-group-member-del
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-002: pki tks-group-member-del --help configuration test"
+ rlRun "pki tks-group-member-del --help > $TmpDir/pki_tks_group_member_del_cfg.out 2>&1" \
+ 0 \
+ "pki tks-group-member-del --help"
+ rlAssertGrep "usage: tks-group-member-del \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-003: pki tks-group-member-del configuration test"
+ rlRun "pki tks-group-member-del > $TmpDir/pki_tks_group_member_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki tks-group-member-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified."
"$TmpDir/pki_tks_group_member_del_2_cfg.out"
+ rlAssertGrep "usage: tks-group-member-del \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-004: Delete tks-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-group-member-del-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-group-member-del-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-del-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-del-user-add-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" u$i > $TmpDir/pki-tks-group-member-del-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tks-group-member-del-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-del-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST
\
+ -p $TKS_PORT \
+ tks-group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-del-groupadd-find-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-del-groupadd-find-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del \"$gid\" u$i > $TmpDir/pki-tks-group-member-del-groupdel-del-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-tks-group-member-del-groupdel-del-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-005: Delete tks-group-member from all the groups that user is associated with"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-group-member-del-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-del-user-add-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" userall > $TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-del-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Check group members with group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-del-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del \"$gid\" userall > $TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-tks-group-member-del-groupadd-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-006: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tks-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name:
fullName_user1" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"Administrators\" user1 > $TmpDir/pki-tks-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tks-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del user1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tks-group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-007: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tks-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tks-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"Administrators\" user2 > $TmpDir/pki-tks-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-tks-group-member-del-groupadd-user1-001.out"
+ command="pki -d
$CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del Administrators"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tks-group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-008: Should not be able to tks-group-member-del using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert TKS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-009: Should not be able to tks-group-member-del using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tks-group-member using a revoked cert TKS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-010: Should not be able to tks-group-member-del using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del
\"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert TKS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-011: Should not be able to tks-group-member-del using admin user with expired cert TKS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-del using admin user with expired cert TKS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-012: Should not be able to tks-group-member-del using TKS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-del using TKS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-013: Should not be able to tks-group-member-del using TKS_auditV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD
-h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-del using TKS_auditV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-014: Should not be able to tks-group-member-del using TKS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-del using TKS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-015: Should not be able to tks-group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-del using TKS_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-016: Should not be able to tks-group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tks-group-member-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-017: Delete tks-group-member for user id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName='u10' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName='u10' 'u10'" \
+ 0 \
+ "Adding uid u10"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-group-member-del-groupadd-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-group-member-del-groupadd-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"dadministʁasjɔ̃\" 'u10'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-tks-group-member-del-groupadd-017_2.out" \
+ 0 \
+ "Adding user u10 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tks-group-member-del-groupadd-017_2.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tks-group-member-del-groupadd-017_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-tks-group-member-del-017_3.out" \
+ 0 \
+ "Delete group member from group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-tks-group-member-del-017_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tks-group-member-del-groupadd-find-017_4.out" \
+ 0 \
+ "Find group members of group \"dadministʁasjɔ̃\""
+ rlAssertGrep "0 entries matched" "$TmpDir/pki-tks-group-member-del-groupadd-find-017_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-018: Delete group member when uid is not associated with a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameuser123\" user123 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tks-group-member-del-user-del-019.out" \
+ 0 \
+ "Adding user user123"
+ rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tks-group-member-del-user-del-019.out"
+ rlAssertGrep "User ID: user123" "$TmpDir/pki-tks-group-member-del-user-del-019.out"
+ rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tks-group-member-del-user-del-019.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-del \"Administrators\" user123"
+ errmsg="ResourceNotFoundException: No such attribute."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete tks-group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-tks-group-member-del-user-del-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tks-group-member-del-user-del-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tks-group-member-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-tks-group-member-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"Administrators\" u20 > $TmpDir/pki-tks-group-member-add-groupadd-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-tks-group-member-add-groupadd-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find Administrators > $TmpDir/pki-user-del-tks-group-member-find-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-tks-group-member-find-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u20 > $TmpDir/pki-user-del-tks-group-member-find-user-del-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find Administrators > $TmpDir/pki-user-del-tks-group-member-find-user-del-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-tks-group-member-find-user-del-20_7.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tks-group-member-del-user-add-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"Administrators\" testuser1 > $TmpDir/pki-tks-group-member-add-groupadd-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tks-group-member-add-groupadd-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.out -t "u,u,u""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-cert-add testuser1 --input $TmpDir/pki_tks_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName='test_user' u9"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tks-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tks-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del \"Administrators\" testuser1 > $TmpDir/pki-tks-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-tks-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TKS_HOST -p $TKS_PORT tks-user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-022: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-tks-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tks-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tks-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-tks-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"group1\" testuser2 > $TmpDir/pki-tks-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-tks-group-member-del-groupadd-022_2.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-tks-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del 'group1' > $TmpDir/pki-tks-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-tks-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-membership-find testuser2 > $TmpDir/pki-tks-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-tks-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TKS_adminV cert===#
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u$i > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u$i > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del userall > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del user1 > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del user2 > $TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tks-group-member-del-user-del-tks-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del user123 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del testuser1 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del testuser2 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-testuser2.out"
+
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-member-del cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-find.sh
new file mode 100755
index 000000000..c688b978a
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-find.sh
@@ -0,0 +1,797 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli
+# Description: PKI tks-group-cli-tks-group-member-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-group-cli-tks-group-member-find Find group members.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-group-cli-tks-group-member-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-tks-group-cli-tks-group-member-find_tests(){
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+#Available groups tks-group-find
+ groupid1="Token Key Service Manager Agents"
+ groupid2="Subsystem Group"
+ groupid3="Trusted Managers"
+ groupid4="Administrators"
+ groupid5="Auditors"
+ groupid6="ClonedSubsystems"
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-002: pki tks-group-member-find --help configuration test"
+ rlRun "pki tks-group-member-find --help > $TmpDir/pki_tks_group_member_find_cfg.out 2>&1" \
+ 0 \
+ "pki tks-group-member-find --help"
+ rlAssertGrep "usage: tks-group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_find_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_tks_group_member_find_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_tks_group_member_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-003: pki tks-group-member-find configuration test"
+ rlRun "pki tks-group-member-find > $TmpDir/pki_tks_group_member_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki tks-group-member-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tks_group_member_find_2_cfg.out"
+ rlAssertGrep "usage: tks-group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_find_2_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_tks_group_member_find_2_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_tks_group_member_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-004: Find tks-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tks-group-member-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tks-group-member-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tks-group-member-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tks-group-member-find-user-find-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" u$i > $TmpDir/pki-tks-group-member-find-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tks-group-member-find-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-find-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find group-members with group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tks-group-member-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-005: Find tks-group-member when the same user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tks-group-member-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tks-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tks-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tks-group-member-find-user-find-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 7 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add \"$gid\" userall > $TmpDir/pki-tks-group-member-find-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tks-group-member-find-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-find-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find \"$gid\" > $TmpDir/pki-tks-group-member-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find user membership to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tks-group-member-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-006: Find tks-group-member when many users are added to one group"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"Test group\" group1 > $TmpDir/pki-tks-group-member-find-groupadd-006.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tks-group-member-find-groupadd-006.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tks-group-member-find-groupadd-006.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-tks-group-member-find-groupadd-006.out"
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameuser$i\" user$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-tks-group-member-find-useradd-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-tks-group-member-find-useradd-00$i.out"
+ rlAssertGrep "User ID: user$i" "$TmpDir/pki-tks-group-member-find-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tks-group-member-find-useradd-00$i.out"
+ rlLog "Adding user user$i to group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add group1 user$i > $TmpDir/pki-tks-group-member-find-group-member-add-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-tks-group-member-find-group-member-add-00$i.out"
+ rlAssertGrep "User: user$i" "$TmpDir/pki-tks-group-member-find-group-member-add-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find group1 > $TmpDir/pki-tks-group-member-find-group1-006.out" \
+ 0 \
+ "Find users added to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-tks-group-member-find-group1-006.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tks-group-member-find-group1-006.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlAssertGrep "User: user$i" "$TmpDir/pki-tks-group-member-find-group1-006.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-007: Find tks-group-member of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find group1 --start=5 > $TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user6" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user7" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user8" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user9" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user10" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user11" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user12" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user13" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user14" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-008: Find all group members of a group (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find group1 --start=0 > $TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out" \
+ 0 \
+ "Checking group members of a group "
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-009: Find group members when page start is negative (start=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=-1"
+ errmsg="--start option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0"
+ rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-010: Find group members when page start greater than available number of groups (start=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find group1 --start=15 > $TmpDir/pki-tks-group-member-find-groupadd-find-start-004.out" \
+ 0 \
+ "Checking group members of a group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-member-find-groupadd-find-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-011: Should not be able to find group members when page start is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-012: Find group member when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-find group1 --size=0 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-006.out" 0 \
+ "tks-group_member-find with size parameter as 0"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tks_group_cli_tks_group_member-find-013: Find group members when page size is 1 (size=1)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find group1 --size=1 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out" 0 \ + "tks-group_member-find with size parameter as 1" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "User: user1" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out" + rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-014: Find group members when page size is 15 (size=15)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find group1 --size=15 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out" 0 \ + "tks-group_member-find with size parameter as 15" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-015: Find group members when page size greater than available number of groups (size=100)" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find group1 --size=100 > $TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out" 0 \ + "tks-group_member-find with size parameter as 100" + rlAssertGrep "14 entries 
matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out" + i=1 + while [ $i -lt 15 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tks-group-member-find-groupadd-find-size-0010.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-016: Find group-member when page size is negative (size=-1)" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --size=-1" + errmsg="--size option should have argument greater than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "tks-group-member-find should fail if size is less than 0" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-017: Should not be able to find group members when page size is non integer" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --size=a" + errmsg="NumberFormatException: For input string: \"a\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter " + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-018: Find group members with -t tks option" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-group-member-find group1 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + -t tks \ + tks-group-member-find group1 --size=5 > $TmpDir/pki-tks-group-member-find-018.out" \ + 0 \ + "Find 
tks-group-member with -t tks option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-018.out" + i=1 + while [ $i -lt 5 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-018.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-group-member-find-018.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-019: Find group members with page start and page size option" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find group1 --start=6 --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find group1 --start=6 --size=5 > $TmpDir/pki-tks-group-member-find-019.out" \ + 0 \ + "Find group members with page start and page size option" + rlAssertGrep "14 entries matched" "$TmpDir/pki-tks-group-member-find-019.out" + i=7 + while [ $i -lt 12 ] ; do + eval uid=user$i + rlAssertGrep "User: $uid" "$TmpDir/pki-tks-group-member-find-019.out" + let i=$i+1 + done + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tks-group-member-find-019.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-020: Find group members with --size more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --size=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible" + 
rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-021: Find group members with --start more than maximum possible value" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-022: Should not be able to tks-group-member-find using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert TKS_adminR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-023: Should not be able to group-member-find using an agent with revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-group-member using an agent with revoked cert TKS_agentR" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: 
https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-024: Should not be able to tks-group-member-find using a valid agent TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent TKS_agentV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-025: Should not be able to tks-group-member-find using admin user with expired cert TKS_adminE" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-group-member using a expired admin TKS_adminE user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-026: Should not be able to tks-group-member-find using TKS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent TKS_agentE user cert" + 
rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-027: Should not be able to tks-group-member-find using TKS_auditV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid auditor TKS_auditV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-028: Should not be able to tks-group-member-find using TKS_operatorV cert" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator TKS_operatorV user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-029: Should not be able to tks-group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tks-group-member using a untrusted TKS_adminUTCA user cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-030: Should not be able to tks-group-member-find using role_user_UTCA cert" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c 
$UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-find group1 --start=0 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted TKS_agentUTCA user cert" + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-031:Find group-member for group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName='u9' u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName='u9' u9" \ + 0 \ + "Adding uid u9" + rlLog "Create a group dadministʁasjɔ̃ with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tks-group-member-add-groupadd-031_1.out" \ + 0 \ + "Adding group dadministʁasjɔ̃ with i18n characters" + rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tks-group-member-add-groupadd-031_1.out" + rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tks-group-member-add-groupadd-031_1.out" + rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tks-group-member-add-groupadd-031_1.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"dadministʁasjɔ̃\" u9" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add \"dadministʁasjɔ̃\" u9 > 
$TmpDir/pki-tks-group-member-find-groupadd-031_2.out" \ + 0 \ + "Adding user u9 to group \"dadministʁasjɔ̃\"" + rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tks-group-member-find-groupadd-031_2.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-find-groupadd-031_2.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-tks-group-member-find-groupadd-find-031_3.out" \ + 0 \ + "Find group-member u9 in \"dadministʁasjɔ̃\"" + rlAssertGrep "1 entries matched" "$TmpDir/pki-tks-group-member-find-groupadd-find-031_3.out" + rlAssertGrep "User: u9" "$TmpDir/pki-tks-group-member-find-groupadd-find-031_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-032: Find tks-group-member - paging" + i=1 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"Test group\" group2 > $TmpDir/pki-tks-group-member-find-groupadd-034.out" \ + 0 \ + "Adding group group2" + rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-tks-group-member-find-groupadd-034.out" + rlAssertGrep "Group ID: group2" "$TmpDir/pki-tks-group-member-find-groupadd-034.out" + rlAssertGrep "Description: Test group" "$TmpDir/pki-tks-group-member-find-groupadd-034.out" + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameuser$i\" userid$i " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" \ + 0 \ + "Adding user 
userid$i" + rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "User ID: userid$i" "$TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" + rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tks-group-member-find-paging-useradd-00$i.out" + rlLog "Adding user userid$i to group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add group2 userid$i > $TmpDir/pki-tks-group-member-find-paging-group-member-add-00$i.out" \ + 0 \ + "Adding user userid$i" + rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-tks-group-member-find-paging-group-member-add-00$i.out" + rlAssertGrep "User: userid$i" "$TmpDir/pki-tks-group-member-find-paging-group-member-add-00$i.out" + let i=$i+1 + done + let i=$i-1 + rlLog "Find group members of group2" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-find group2 > $TmpDir/pki-tks-group-member-find-group1-034.out" \ + 0 \ + "Find users added to group \"group2\"" + rlAssertGrep "$i entries matched" "$TmpDir/pki-tks-group-member-find-group1-034.out" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tks-group-member-find-group1-034.out" + i=1 + while [ $i -lt 20 ] ; do + rlAssertGrep "User: userid$i" "$TmpDir/pki-tks-group-member-find-group1-034.out" + let i=$i+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member-find-cleanup-001: Deleting the temp directory, users and groups" + + #===Deleting users created using TKS_adminV cert===# + i=1 + while [ $i -lt 7 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del u$i > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-00$i.out" \ + 0 \ + "Deleted user u$i" 
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del u9 > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-007.out" \ + 0 \ + "Deleted user u9" + rlAssertGrep "Deleted user \"u9\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-007.out" + i=1 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del user$i > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group1-00$i.out" \ + 0 \ + "Deleted user user$i" + rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group1-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del userid$i > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group2-00$i.out" \ + 0 \ + "Deleted user userid$i" + rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-group2-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-del userall > $TmpDir/pki-user-del-tks-group-member-find-user-del-tks-userall.out" \ + 0 \ + "Deleted user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tks-group-member-find-user-del-tks-userall.out" + + + #===Deleting groups created using TKS_adminV===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'group1' > 
$TmpDir/pki-user-del-tks-group1.out" \
+ 0 \
+ "Deleting group group1"
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-tks-group1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del 'group2' > $TmpDir/pki-user-del-tks-group2.out" \
+ 0 \
+ "Deleting group group2"
+ rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-tks-group2.out"
+
+
+ #===Deleting i18n group created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tks-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-member-find cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-show.sh
new file mode 100755
index 000000000..5db93da45
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-show.sh
@@ -0,0 +1,527 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli
+# Description: PKI tks-group-member-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-group-cli-tks-group-member-show Show groups members
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tks-group-cli-tks-group-member-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tks-group-cli-tks-group-member-show_tests(){
+ rlPhaseStartSetup "pki_tks_group_cli_tks_group_member_show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+group1=test_group
+ group1desc="Test Group"
+ group2=test_group2
+ group2desc="Test Group 2"
+ group3=test_group3
+ group3desc="Test Group 3"
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval
${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_auditV_user=${subsystemId}_auditV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_tks_group_member_show-configtest: pki tks-group-member-show configuration test" + rlRun "pki tks-group-member-show --help > $TmpDir/pki_tks_group_member_show_cfg.out 2>&1" \ + 0 \ + "pki tks-group-member-show" + rlAssertGrep "usage: tks-group-member-show \[OPTIONS...\]" "$TmpDir/pki_tks_group_member_show_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_member_show_cfg.out" + rlPhaseEnd + + ##### Tests to show TKS groups #### + rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-001: Add group to TKS using TKS_adminV, add a user to the group and show group member" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=\"$group1desc\" $group1" \ + 0 \ + "Add group $group1 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-user-add --fullName=\"User1\" u1" \ + 0 \ + "Add user u1 using TKS_adminV" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-add $group1 u1" \ + 0 \ + "Add user u1 to group $group1 using TKS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-member-show $group1 u1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT 
\ + tks-group-member-show $group1 u1 > $TmpDir/pki_tks_group_member_show_groupshow001.out" \ + 0 \ + "Show group members of $group1" + rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_tks_group_member_show_groupshow001.out" + rlAssertGrep "User: u1" "$TmpDir/pki_tks_group_member_show_groupshow001.out" + rlPhaseEnd + + + #Negative Cases + rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-002: Missing required option group id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show u1" + errmsg="Error: Incorrect number of arguments specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-003: Missing required option member id" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1" + errmsg="Error: Incorrect number of arguments specified." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-004: A non existing member ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 user1"
+ errmsg="ResourceNotFoundException: Group member user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-005: A non existing group ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show group1 u1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-006: Checking if member id case sensitive "
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group1 U1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group1 U1 > $TmpDir/pki-tks-group-member-show-006.out 2>&1" \
+ 0 \
+ "Member ID is not case sensitive"
+ rlAssertGrep "User \"U1\"" "$TmpDir/pki-tks-group-member-show-006.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-tks-group-member-show-006.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-007: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show TEST_GROUP u1 > $TmpDir/pki-tks-group-member-show-007.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-tks-group-member-show-007.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-tks-group-member-show-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-008: Should not be able to show group member using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-009: Should not be able to show group member using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-010: Should not be able to show group members using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-011: Should not be able to show group members using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-012: Should not be able to show group members using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-013: Should not be able to show group members using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-014: Should not be able to show group members using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-015: Should not be able to show group members using a cert created from a untrusted CA TKS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using TKS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-016: Should not be able to show group members using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tks_group_member_show_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group1 u1"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group1 u1 > $TmpDir/pki-tks-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-member-show-pkiUser1-002.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-017: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tks-group-member-show-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=test u3 > $TmpDir/pki-tks-group-member-show-001_57.out 2>&1" \
+ 0 \
+ "Adding user id u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-tks-group-member-show-001_56.out 2>&1" \
+ 0 \
+ "Adding user u3 to group ÖrjanÄke"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show 'ÖrjanÄke' u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-tks-group-member-show-001_56_2.out" \
+ 0 \
+ "Show group member'ÖrjanÄke'"
+ rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-tks-group-member-show-001_56_2.out"
+ rlAssertGrep "User: u3" "$TmpDir/pki-tks-group-member-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-018: Add group to TKS using TKS_adminV, add a user to the group, delete the group member and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"$group2desc\" $group2" \
+ 0 \
+ "Add group $group2 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"User2\" u2" \
+ 0 \
+ "Add user u2 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add $group2 u2" \
+ 0 \
+ "Add user u2 to group $group2 using TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group2 u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group2 u2 > $TmpDir/pki_tks_group_member_show_groupshow019.out" \
+ 0 \
+ "Show group members of $group2"
+ rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_tks_group_member_show_groupshow019.out"
+ rlAssertGrep "User: u2" "$TmpDir/pki_tks_group_member_show_groupshow019.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-del $group2 u2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group2 u2"
+ errmsg="ResourceNotFoundException: Group member u2 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-group-member show should throw and error if the group member is deleted"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-019: Add group to TKS using TKS_adminV, add a user to the group, delete the user and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"$group3desc\" $group3" \
+ 0 \
+ "Add group $group3 using TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"User4\" u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-add --fullName=\"User4\" u4" \
+ 0 \
+ "Add user u3 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-add $group3 u4" \
+ 0 \
+ "Add user u4 to group $group3 using TKS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group3 u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-member-show $group3 u4 > $TmpDir/pki_tks_group_member_show_groupshow020.out" \
+ 0 \
+ "Show group members of $group3"
+ rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_tks_group_member_show_groupshow020.out"
+ rlAssertGrep "User: u4" "$TmpDir/pki_tks_group_member_show_groupshow020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show $group3 u4"
+ errmsg="ResourceNotFoundException: Group member u4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tks-group-member show should throw and error if the member user is deleted"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show-021: A non existing member ID and group ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-member-show group1 user1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_member_show_cleanup-022: Deleting the temp directory and groups"
+
+ #===Deleting groups(symbols) created using TKS_adminV cert===#
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del $grp > $TmpDir/pki-group-del-tks-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tks-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-user-del u$j > $TmpDir/pki-user-del-tks-group-symbol-00$j.out" \
+ 0 \
+ "Deleted user u$j"
+ rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-tks-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using TKS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-member-show cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-mod.sh
new file mode 100755
index 000000000..7c316bc31
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-mod.sh
@@ -0,0 +1,542 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-group-cli
+# Description: PKI tks-group-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-group-cli-tks-group-mod Modify existing groups in the pki tks subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-tks-group-cli-tks-group-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tks-group-cli-tks-group-mod_tests(){
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_tks_group_cli_tks_group_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+ get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+group1=tks_group
+group1desc="Test tks group"
+group2=abcdefghijklmnopqrstuvwxyx12345678
+group3=abc#
+group4=abc$
+group5=abc@
+group6=abc?
+group7=0
+group1_mod_description="Test tks agent Modified"
+randsym=""
+i18ngroup=i18ngroup
+i18ngroupdescription="Örjan Äke"
+i18ngroup_mod_description="kakskümmend"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+ ##### pki_tks_group_cli_tks_group_mod-configtest ####
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-configtest-001: pki tks-group-mod configuration test"
+ rlRun "pki tks-group-mod --help > $TmpDir/pki_tks_group_mod_cfg.out 2>&1" \
+ 0 \
+ "Group modification configuration"
+ rlAssertGrep "usage: tks-group-mod \[OPTIONS...\]" "$TmpDir/pki_tks_group_mod_cfg.out"
+ rlAssertGrep "\--description Description" "$TmpDir/pki_tks_group_mod_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_mod_cfg.out"
+ rlPhaseEnd
+
+
+ ##### Tests to modify TKS groups ####
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-002: Modify a group's description in TKS"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"$group1desc\" $group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tks-group-mod-002.out" \
+ 0 \
+ "Modified $group1 description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tks-group-mod-002.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-mod-002.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-002.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-003:--description with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test g1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-tks-group-mod-004.out" \
+ 0 \
+ "Modified group using TKS_adminV with --description with characters and numbers"
+ rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-tks-group-mod-004.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-mod-004.out"
+ rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tks-group-mod-004.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-004:--description with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | sed 's/\///g')
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test g2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$randsym\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$randsym\" g2 > $TmpDir/pki-tks-group-mod-005.out" \
+ 0 \
+ "Modified group using TKS_adminV with maximum --description length and character symbols in it"
+ actual_group_string=`cat $TmpDir/pki-tks-group-mod-005.out | grep "Description: " | xargs echo`
+ expected_group_string="Description: $randsym"
+ rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-tks-group-mod-005.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-mod-005.out"
+ if [[ $actual_group_string = $expected_group_string ]] ; then
+ rlPass "$expected_group_string found"
+ else
+ rlFail "$expected_group_string not found"
+ fi
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-005:--description with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test g3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=$ g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=$ g3 > $TmpDir/pki-tks-group-mod-008.out" \
+ 0 \
+ "Modified group with --description $ character"
+ rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-tks-group-mod-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-mod-008.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-tks-group-mod-008.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-006: Modify a group to TKS with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test g4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-group-mod --description=\"$group1desc\" g4"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-tks-group-mod-007.out" \
+ 0 \
+ "Modified group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tks-group-mod-007.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-mod-007.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tks-group-mod-007.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-007: Modify a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id" + rlPhaseEnd + +##### Tests to modify groups using revoked cert##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-008: Should not be able to modify groups using a revoked cert TKS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1_mod_description' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-009: Should not be able to modify group using an agent or a revoked cert TKS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + +##### Tests to modify groups using an agent user##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-010: Should not be able to modify groups using a TKS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert" + rlPhaseEnd + + +##### Tests to modify groups using expired cert##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-011: Should not be able to modify group using a TKS_adminE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-012: Should not be able to modify group using a TKS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/934" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlPhaseEnd + + ##### Tests to modify groups using audit users##### + rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-013: Should not be able to modify group using a TKS_auditV" + command="pki 
-d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an audit cert"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using operator user###
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-014: Should not be able to modify group using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as TKS_operatorV"
+ rlPhaseEnd
+
+##### Tests to modify groups using TKS_adminUTCA and TKS_agentUTCA user's certificate will be issued by an untrusted TKS users#####
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-015: Should not be able to modify groups using a cert created from a untrusted CA TKS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA"
+ rlPhaseEnd
+
+rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-016: Modify a group -- Group ID does not exist"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description='$group1desc' g5"
+ errmsg="ResourceNotFoundException: Group g5 not found."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group"
+ rlPhaseEnd
+
+##### Tests to modify TKS groups with empty parameters ####
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-017: Modify a user created group in TKS using TKS_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"$group1desc\" g5"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description=\"\" g5"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description=\"\" g5 > $TmpDir/pki-tks-group-mod-0017.out" 0 "Group modified successfully with empty description"
+ rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-tks-group-mod-0017.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-mod-0017.out"
+ rlPhaseEnd
+
+
+##### Tests to modify TKS groups with the same value ####
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-018: Modify a group in TKS using TKS_adminV - description same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group1 > $TmpDir/pki-tks-group-mod-041_1.out"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tks-group-mod-041_1.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-mod-041_1.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tks-group-mod-041_2.out" \
+ 0 \
+ "Modifying $group1 with same old description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tks-group-mod-041_2.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-mod-041_2.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-041_2.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify TKS groups having i18n chars in the description ####
+
+rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-019: Modify a groups's description having i18n chars in TKS using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"$i18ngroupdescription\" $i18ngroup"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-tks-group-mod-043.out" \
+ 0 \
+ "Modified $i18ngroup description"
+ rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-tks-group-mod-043.out"
+ rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-tks-group-mod-043.out"
+ rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-tks-group-mod-043.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify system generated TKS groups ####
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-021: Modify Administrator group's description in TKS using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show Administrators > $TmpDir/pki-tks-group-mod-group-show-022.out"
+ admin_group_desc=$(cat $TmpDir/pki-tks-group-mod-group-show-022.out| grep Description | cut -d- -f2)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$group1_mod_description\" Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-tks-group-mod-022.out" \
+ 0 \
+ "Modified Administrators group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tks-group-mod-022.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tks-group-mod-022.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tks-group-mod-022.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$admin_group_desc\" Administrators"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_mod-022: Modify Administrators group in TKS using TKS_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show Administrators > $TmpDir/pki-tks-group-mod-group-show-023.out"
+ admin_group_desc=$(cat $TmpDir/pki-tks-group-mod-group-show-023.out| grep Description | cut -d- -f2)
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description=\"\" Administrators"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-mod --description=\"\" Administrators > $TmpDir/pki-tks-group-mod-023.out" 0 "Successfully modified Administrator group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tks-group-mod-023.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tks-group-mod-023.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-mod --description=\"$admin_group_desc\" Administrators"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+
+#===Deleting groups===#
+rlPhaseStartTest "pki_tks_group_cli_group_cleanup: Deleting role groups"
+
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del g$i > $TmpDir/pki-group-del-tks-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tks-group-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del $grp > $TmpDir/pki-group-del-tks-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tks-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-del $i18ngroup > $TmpDir/pki-group-del-tks-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-tks-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-mod cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-show.sh
new file mode 100755
index 000000000..befffdef0
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-show.sh
@@ -0,0 +1,699 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tks-group-cli
+# Description: PKI tks-group-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tks-group-cli-tks-group-show Show groups
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-tks-group-cli-tks-group-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tks-group-cli-tks-group-show_tests(){
+
+rlPhaseStartSetup "pki_tks_group_cli_tks_group_show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2)
+ tks_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TKS_INST
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TKS1
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tks_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tks_instance_created" = "TRUE" ]; then
+TKS_HOST=$(eval echo \$${MYROLE})
+TKS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_auditV_user=${subsystemId}_auditV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+
+ rlPhaseStartTest "pki_tks_group_show-configtest: pki tks-group-show configuration test"
+ rlRun "pki tks-group-show --help > $TmpDir/pki_tks_group_show_cfg.out 2>&1" \
+ 0 \
+ "pki tks-group-show"
+ rlAssertGrep "usage: tks-group-show \[OPTIONS...\]" "$TmpDir/pki_tks_group_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tks_group_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show TKS groups ####
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-001: Add group to TKS using TKS_adminV and show group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using TKS_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group1 > $TmpDir/pki-tks-group-show-001.out" \
+ 0 \
+ "Show group $group1"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tks-group-show-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tks-group-show-001.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tks-group-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-002: maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test $group2" \
+ 0 \
+ "Add group $group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group2 > $TmpDir/pki-tks-group-show-001_1.out" \
+ 0 \
+ "Show $group2 group"
+ rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-tks-group-show-001_1.out"
+ actual_groupid_string=`cat $TmpDir/pki-tks-group-show-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-003: Group id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test $group3" \
+ 0 \
+ "Add group $group3 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group3 > $TmpDir/pki-tks-group-show-001_2.out" \
+ 0 \
+ "Show $group3 group"
+ rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-tks-group-show-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tks-group-show-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-004: Group id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test $group4" \
+ 0 \
+ "Add group $group4 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group4 > $TmpDir/pki-tks-group-show-001_3.out" \
+ 0 \
+ "Show $group4 group"
+ rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-tks-group-show-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tks-group-show-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group5 > $TmpDir/pki-tks-group-show-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-tks-group-show-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tks-group-show-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-006: Group id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test $group6" \
+ 0 \
+ "Add $group6 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group6 > $TmpDir/pki-tks-group-show-001_5.out" \
+ 0 \
+ "Show $group6 group"
+ rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-tks-group-show-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tks-group-show-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-007: Group id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=test $group7" \
+ 0 \
+ "Add group $group7 using TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show $group7 > $TmpDir/pki-tks-group-show-001_6.out" \
+ 0 \
+ "Show group $group7"
+ rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-tks-group-show-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tks-group-show-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-008: --description with maximum length"
+ desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description='$desc' g1" \
+ 0 \
+ "Added group using TKS_adminV with maximum --description length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show g1 > $TmpDir/pki-tks-group-show-001_7.out" \
+ 0 \
+ "Show group g1"
+ rlAssertGrep "Group \"g1\"" "$TmpDir/pki-tks-group-show-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tks-group-show-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-tks-group-show-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-009: --description with maximum length and symbols"
+ desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ desc=$(echo $desc_b64 | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description='$desc' g2" \
+ 0 \
+ "Added group with maximum --description length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show g2 > $TmpDir/pki-tks-group-show-001_8.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tks-group-show-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tks-group-show-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-tks-group-show-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-010: --description with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=# g3" \
+ 0 \
+ "Add group g3 using pki TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show g3 > $TmpDir/pki-tks-group-show-001_9.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tks-group-show-001_9.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tks-group-show-001_9.out"
+ rlAssertGrep "Description: #" "$TmpDir/pki-tks-group-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-011: --description with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=* g4" \
+ 0 \
+ "Add group g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show g4 > $TmpDir/pki-tks-group-show-001_10.out" \
+ 0 \
+ "Show group g4 using TKS_adminV"
+ rlAssertGrep "Group \"g4\"" "$TmpDir/pki-tks-group-show-001_10.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tks-group-show-001_10.out"
+ rlAssertGrep "Description: *" "$TmpDir/pki-tks-group-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-012: --description with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=$ g5" \
+ 0 \
+ "Add group g5 using pki TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show g5 > $TmpDir/pki-tks-group-show-001_11.out" \
+ 0 \
+ "Show group g5 using TKS_adminV"
+ rlAssertGrep "Group \"g5\"" "$TmpDir/pki-tks-group-show-001_11.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tks-group-show-001_11.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-tks-group-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-013: --description as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-add --description=0 g6" \
+ 0 \
+ "Add group g6 using pki TKS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show g6 > $TmpDir/pki-tks-group-show-001_12.out" \
+ 0 \
+ "Show group g6 using TKS_adminV"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tks-group-show-001_12.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-tks-group-show-001_12.out"
+ rlAssertGrep "Description: 0" "$TmpDir/pki-tks-group-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-014: Show group with -t tks option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-group-add --description=test g7" \
+ 0 \
+ "Adding group g7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ -t tks \
+ tks-group-show g7 > $TmpDir/pki-tks-group-show-001_32.out" \
+ 0 \
+ "Show group g7 using TKS_adminV"
+ rlAssertGrep "Group \"g7\"" "$TmpDir/pki-tks-group-show-001_32.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tks-group-show-001_32.out"
+ rlAssertGrep "Description: $test" "$TmpDir/pki-tks-group-show-001_32.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-015: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-016: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TKS_HOST \
+ -p $TKS_PORT \
+ tks-group-show G7 > $TmpDir/pki-tks-group-show-001_35.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group \"G7\"" "$TmpDir/pki-tks-group-show-001_35.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tks-group-show-001_35.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tks-group-show-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-017: Should not be able to show group using a revoked cert TKS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-018: Should not be able to show group using an agent with revoked cert TKS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-019: Should not be able to show group using a valid agent TKS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-020: Should not be able to show group using admin user with expired cert TKS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-021: Should not be able to show group using TKS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-022: Should not be able to show group using a TKS_auditV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_auditV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a audit cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-023: Should not be able to show group using a TKS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-024: Should not be able to show group using a cert created from a untrusted CA TKS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using TKS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_group_cli_tks_group_show-025: Should not be able to show group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$TKS_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $TKS_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tks_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tks_group_show_encoded_0025pkcs10.out > $TmpDir/pki_tks_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tks_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show g7 > $TmpDir/pki-tks-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tks-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_show-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TKS_HOST -p $TKS_PORT tks-group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: 
ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using TKS_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_show-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tks-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show 'ÖrjanÄke' > $TmpDir/pki-tks-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-tks-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tks-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_show-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-add --description=test 'ÉricTêko' > $TmpDir/pki-tks-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-show 
'ÉricTêko' > $TmpDir/pki-tks-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-tks-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tks-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_group_cli_tks_group_cleanup: Deleting the temp directory and groups" + + #===Deleting groups created using TKS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del g$i > $TmpDir/pki-tks-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tks-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TKS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del $grp > $TmpDir/pki-group-del-tks-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tks-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using TKS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tks-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tks-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TKS_HOST \ + -p $TKS_PORT \ + tks-group-del 'ÉricTêko' > $TmpDir/pki-group-del-tks-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tks-group-i18n_2.out" + + 
#Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tks-group-show cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TKS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-add.sh
new file mode 100755
index 000000000..15353be70
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-add.sh
@@ -0,0 +1,599 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-group-cli-tps-group-add Add group to pki subsystems.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#create-role-users.sh should be first executed prior to pki-tps-group-cli-tps-group-add.sh
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-tps-group-cli-tps-group-add_tests(){
+#### Create Temporary directory ####
+
+ rlPhaseStartSetup "pki_tps_group_cli_tps_group_add-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local
TEMP_NSS_DB_PASSWD="redhat123" + + #### pki tps-group configuration test #### + + rlPhaseStartTest "pki_tps_group_cli-configtest: pki tps-group --help configuration test" + rlRun "pki tps-group --help > $TmpDir/pki_tps_group_cfg.out 2>&1" \ + 0 \ + "pki tps-group --help" + rlAssertGrep "tps-group-find Find groups" "$TmpDir/pki_tps_group_cfg.out" + rlAssertGrep "tps-group-show Show group" "$TmpDir/pki_tps_group_cfg.out" + rlAssertGrep "tps-group-add Add group" "$TmpDir/pki_tps_group_cfg.out" + rlAssertGrep "tps-group-mod Modify group" "$TmpDir/pki_tps_group_cfg.out" + rlAssertGrep "tps-group-del Remove group" "$TmpDir/pki_tps_group_cfg.out" + rlAssertGrep "tps-group-member Group member management commands" "$TmpDir/pki_tps_group_cfg.out" + rlAssertNotGrep "Error: Invalid module \"tps-group---help\"." "$TmpDir/pki_tps_group_cfg.out" + rlPhaseEnd + + #### pki tps-group-add configuration test #### + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-configtest: pki tps-group-add configuration test" + rlRun "pki tps-group-add --help > $TmpDir/pki_tps_group_add_cfg.out 2>&1" \ + 0 \ + "pki tps-group-add --help" + rlAssertGrep "usage: tps-group-add \[OPTIONS...\]" "$TmpDir/pki_tps_group_add_cfg.out" + rlAssertGrep "\--description Description" "$TmpDir/pki_tps_group_add_cfg.out" + rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_add_cfg.out" + rlPhaseEnd + + ##### Tests to add TPS groups using a user of admin group with a valid cert#### + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-001: Add a group to TPS using TPS_adminV" + group1=new_group1 + group_desc1="New Group1" + rlLog "Executing: pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"$group_desc1\" $group1" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add 
--description=\"$group_desc1\" $group1 > $TmpDir/pki-tps-group-add-001.out" \ + 0 \ + "Add group $group1 to TPS" + rlAssertGrep "Added group \"$group1\"" "$TmpDir/pki-tps-group-add-001.out" + rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-add-001.out" + rlAssertGrep "Description: $group_desc1" "$TmpDir/pki-tps-group-add-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-002:maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"Test Group\" \"$group2\" > $TmpDir/pki-tps-group-add-001_1.out" \ + 0 \ + "Added group using TPS_adminV with maximum group id length" + actual_groupid_string=`cat $TmpDir/pki-tps-group-add-001_1.out | grep 'Group ID:' | xargs echo` + expected_groupid_string="Group ID: $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Group ID: $group2 found" + else + rlFail "Group ID: $group2 not found" + fi + rlAssertGrep "Description: Test Group" "$TmpDir/pki-tps-group-add-001_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-003:Group id with # character" + group3=abc# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description test $group3 > $TmpDir/pki-tps-group-add-001_2.out" \ + 0 \ + "Added group using TPS_adminV, group id with # character" + rlAssertGrep "Added group \"$group3\"" "$TmpDir/pki-tps-group-add-001_2.out" + rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tps-group-add-001_2.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-004:Group id with $ character" + group4=abc$ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ 
+ -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test $group4 > $TmpDir/pki-tps-group-add-001_3.out" \ + 0 \ + "Added group using TPS_adminV, group id with $ character" + rlAssertGrep "Added group \"$group4\"" "$TmpDir/pki-tps-group-add-001_3.out" + rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tps-group-add-001_3.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_3.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-005:Group id with @ character" + group5=abc@ + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test $group5 > $TmpDir/pki-tps-group-add-001_4.out " \ + 0 \ + "Added group using TPS_adminV, group id with @ character" + rlAssertGrep "Added group \"$group5\"" "$TmpDir/pki-tps-group-add-001_4.out" + rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tps-group-add-001_4.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-006:Group id with ? character" + group6=abc? + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test $group6 > $TmpDir/pki-tps-group-add-001_5.out " \ + 0 \ + "Added group using TPS_adminV, group id with ? 
character" + rlAssertGrep "Added group \"$group6\"" "$TmpDir/pki-tps-group-add-001_5.out" + rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tps-group-add-001_5.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_5.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-007:Group id as 0" + group7=0 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test $group7 > $TmpDir/pki-tps-group-add-001_6.out " \ + 0 \ + "Added group using TPS_adminV, group id 0" + rlAssertGrep "Added group \"$group7\"" "$TmpDir/pki-tps-group-add-001_6.out" + rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tps-group-add-001_6.out" + rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-add-001_6.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-008:--description with maximum length" + groupdesc=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"$groupdesc\" g1 2>&1> $TmpDir/pki-tps-group-add-001_7.out" \ + 0 \ + "Added group using TPS_adminV with maximum --description length" + rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tps-group-add-001_7.out" + rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-add-001_7.out" + rlAssertGrep "Description: $groupdesc" "$TmpDir/pki-tps-group-add-001_7.out" + actual_desc_string=`cat $TmpDir/pki-tps-group-add-001_7.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-009:--desccription with maximum length and symbols" + rand_groupdesc=$(openssl rand -base64 2048 | 
perl -p -e 's/\n//') + groupdesc=$(echo $rand_groupdesc | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='$groupdesc' g2 > $TmpDir/pki-tps-group-add-001_8.out" \ + 0 \ + "Added group using TPS_adminV with maximum --desc length and character symbols in it" + rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tps-group-add-001_8.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-add-001_8.out" + actual_desc_string=`cat $TmpDir/pki-tps-group-add-001_8.out | grep Description: | xargs echo` + expected_desc_string="Description: $groupdesc" + if [[ $actual_desc_string = $expected_desc_string ]] ; then + rlPass "Description: $groupdesc found" + else + rlFail "Description: $groupdesc not found" + fi + rlPhaseEnd + + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-010: Add a duplicate group to TPS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='Duplicate Group' $group1" + errmsg="ConflictingOperationException: Entry already exists." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki group-add should fail on an attempt to add a duplicate group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-011: Add a group to TPS with -t option"
+ desc="Test Group"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-add --description=\"$desc\" g3"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-add --description=\"$desc\" g3 > $TmpDir/pki-tps-group-add-0011.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tps-group-add-0011.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-add-0011.out"
+ rlAssertGrep "Description: $desc" "$TmpDir/pki-tps-group-add-0011.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-012: Add a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$group1'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- missing required option group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-013: Add a group -- missing required option --description"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add g7"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add g7 > $TmpDir/pki-tps-group-add-0013.out" 0 "Successfully added group without description option"
+ rlAssertGrep "Added group \"g7\"" "$TmpDir/pki-tps-group-add-0013.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-add-0013.out"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using revoked cert#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-014: Should not be able to add group using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked admin cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-015: Should not be able to add group using a agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a revoked agent cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using an agent user#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-016: Should not be able to add group using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid agent cert TPS_agentV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using expired cert#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-017: Should not be able to add group using admin user with expired cert TPS_adminE"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired admin cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-018: Should not be able to add group using TPS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using an expired agent cert TPS_agentE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to add groups using officer users#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-019: Should not be able to add group using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using a valid officer cert TPS_officerV"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ ##### Tests to add groups using operator user###
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-020: Should not be able to add group using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TPS_operatorV"
+ rlPhaseEnd
+
+
+ ##### Tests to add groups using TPS_adminUTCA and TPS_agentUTCA user's certificate will be issued by an untrusted CA user#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-021: Should not be able to add group using a cert created from a untrusted CA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description='$desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- using TPS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-022: group id length exceeds maximum limit defined in the schema"
+ group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//')
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-add --description=test '$group_length_exceed_max'"
+ errmsg="ClientResponseFailure: ldap can't save, exceeds max length"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Add Group -- group id exceeds max limit"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/842"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-023: description with i18n characters"
+ rlLog "tps-group-add description Örjan Äke with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description='Örjan Äke' g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description='Örjan Äke' g4 > $TmpDir/pki-tps-group-add-001_51.out 2>&1" \
+ 0 \
+ "Adding g4 with description Örjan Äke"
+ rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tps-group-add-001_51.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-add-001_51.out"
+ rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tps-group-add-001_51.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_add-024: description with i18n characters"
+ rlLog "tps-group-add description Éric Têko with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='Éric Têko' g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='Éric Têko' g5 > $TmpDir/pki-tps-group-add-001_52.out 2>&1" \ + 0 \ + "Adding g5 with description Éric Têko" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tps-group-add-001_52.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-add-001_52.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tps-group-add-001_52.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-025: description with i18n characters" + rlLog "tps-group-add description éénentwintig dvidešimt with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='éénentwintig dvidešimt' g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='éénentwintig dvidešimt' g6 > $TmpDir/pki-tps-group-add-001_53.out 2>&1" \ + 0 \ + "Adding description éénentwintig dvidešimt with i18n characters" + rlAssertGrep "Added group \"g6\"" "$TmpDir/pki-tps-group-add-001_53.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tps-group-add-001_53.out" + rlAssertGrep "Group ID: g6" "$TmpDir/pki-tps-group-add-001_53.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g6" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g6 > $TmpDir/pki-tps-group-add-001_53_2.out 2>&1" \ + 0 \ + "Show group g6 with description 
éénentwintig dvidešimt in i18n characters" + rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tps-group-add-001_53_2.out" + rlAssertGrep "Description: éénentwintig dvidešimt" "$TmpDir/pki-tps-group-add-001_53_2.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-026: group id with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-add-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-add-001_56.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-add-001_56.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_add-027: groupid with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÉricTêko' > $TmpDir/pki-tps-group-add-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-tps-group-add-001_57.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-add-001_57.out" + rlPhaseEnd + + + rlPhaseStartTest "pki_tps_group_cli_tps_group_cleanup: Deleting groups" + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ 
+ tps-group-del g$i > $TmpDir/pki-tps-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del '$grp' > $TmpDir/pki-tps-group-del-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + actual_delete_group_string=`cat $TmpDir/pki-tps-group-del-group-symbol-00$j.out | grep 'Deleted group' | xargs echo` + expected_delete_group_string="Deleted group $grp" + if [[ $actual_delete_group_string = $expected_delete_group_string ]] ; then + rlPass "Deleted group \"$grp\" found in $TmpDir/pki-tps-group-del-group-symbol-00$j.out" + else + rlFail "Deleted group \"$grp\" not found in $TmpDir/pki-tps-group-del-group-symbol-00$j.out" + fi + let j=$j+1 + done + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÖrjanÄke' > $TmpDir/pki-tps-group-del-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-del-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÉricTêko' > $TmpDir/pki-tps-group-del-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-tps-group-del-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tps-group-add cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 
"Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-del.sh
new file mode 100755
index 000000000..f16a43668
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-del.sh
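Review bot: The negative authorization tests 014–021 in pki-tps-group-cli-tps-group-add.sh all try to add `$group1`, which has existed since test 001, so they can only match the error string and cannot show that a rejected caller left no state behind. Giving each of them its own unused group id, for example `tps-group-add --description='$desc' authz_neg_014` (a constructed name), and following the `verifyErrorMsg` call with a `tps-group-show` of that id run as `${subsystemId}_adminV` and expected to exit 255 would catch a server that reports the error but still creates the group. Separately, the `rlLog` lines that echo the full `pki` command (tests 001, 011, 013 and 023–027) write `$CERTDB_DIR_PASSWORD` into the test log in clear; log the command with the `-c` value replaced by a placeholder, and check whether rlRun's own command echo needs the same treatment.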
@@ -0,0 +1,634 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli +# Description: PKI tps-group-del CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tps-group-cli-tps-group-del Delete pki subsystem groups. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-tps-group-cli-tps-group-del_tests(){ + + rlPhaseStartSetup "pki_tps_group_cli_tps_group_del-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-configtest-001: pki tps-group-del --help configuration test" + rlRun "pki tps-group-del --help > 
$TmpDir/tps_group_del.out 2>&1" 0 "pki tps-group-del --help" + rlAssertGrep "usage: tps-group-del " "$TmpDir/tps_group_del.out" + rlAssertGrep "\--help Show help options" "$TmpDir/tps_group_del.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-configtest-002: pki tps-group-del configuration test" + rlRun "pki tps-group-del > $TmpDir/tps_group_del_2.out 2>&1" 255 "pki tps-group-del" + rlAssertGrep "usage: tps-group-del " "$TmpDir/tps_group_del_2.out" + rlAssertGrep " --help Show help options" "$TmpDir/tps_group_del_2.out" + rlAssertNotGrep "ResteasyIOException: IOException" "$TmpDir/tps_group_del_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-003: Delete valid groups" + group1=tps_group + group1desc="Test group" + group2=abcdefghijklmnopqrstuvwxyx12345678 + group3=abc# + group4=abc$ + group5=abc@ + group6=abc? + group7=0 + #positive test cases + #Add groups to TPS using TPS_adminV cert + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test_group g$i" + let i=$i+1 + done + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g$i" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g$i > $TmpDir/pki-tps-group-del-group1-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group1-00$i.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g$i" + errmsg="GroupNotFoundException: Group g$i not found" + errorcode=255 + rlRun "verifyErrorMsg 
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let i=$i+1 + done + #Add groups to TPS using TPS_adminV cert + i=1 + while [ $i -lt 8 ] ; do + eval grp=\$group$i + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test_group $grp" + let i=$i+1 + done + + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del $grp " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del $grp > $TmpDir/pki-tps-group-del-group2-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-tps-group-del-group2-00$j.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show $grp" + errmsg="GroupNotFoundException: Group $grp not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group should not exist" + let j=$j+1 + done + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-004: Case sensitive groupid" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test_group group_abc" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del GROUP_ABC > $TmpDir/pki-tps-group-del-group-002_1.out" \ + 0 \ + "Deleted group GROUP_ABC groupid is not case sensitive" + rlAssertGrep "Deleted 
group \"GROUP_ABC\"" "$TmpDir/pki-tps-group-del-group-002_1.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show group_abc" + errmsg="GroupNotFoundException: Group group_abc not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group group_abc should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-005: Delete group when required option group id is missing" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del" + errmsg="Error: No Group ID specified." + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot delete a group without groupid" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-006: Maximum length of group id" + group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test \"$group2\" > $TmpDir/pki-tps-group-add-001_1.out" \ + 0 \ + "Added group using TPS_adminV with maximum group id length" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del \"$group2\" > $TmpDir/pki-tps-group-del-group-006.out" \ + 0 \ + "Deleting group with maximum group id length using TPS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tps-group-del-group-006.out | grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $group2" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group \"$group2\" found" + else + rlFail "Deleted group \"$group2\" not found" + fi + command="pki -d $CERTDB_DIR -n 
$(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show \"$group2\"" + errmsg="GroupNotFoundException: Group \"$group2\" not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group with max length should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-007: groupid with maximum length and symbols" + rand_groupid=$(openssl rand -base64 2048 | perl -p -e 's/\n//') + groupid=$(echo $rand_groupid | sed 's/\///g') + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test '$groupid' > $TmpDir/pki-tps-group-add-001_8.out" \ + 0 \ + "Added group using TPS_adminV with maximum groupid length and character symbols in it" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del '$groupid' > $TmpDir/pki-tps-group-del-group-007.out" \ + 0 \ + "Deleting group with maximum group id length and character symbols using TPS_adminV" + actual_groupid_string=`cat $TmpDir/pki-tps-group-del-group-007.out| grep 'Deleted group' | xargs echo` + expected_groupid_string="Deleted group $groupid" + if [[ $actual_groupid_string = $expected_groupid_string ]] ; then + rlPass "Deleted group $groupid found" + else + rlFail "Deleted group $groupid not found" + fi + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show '$groupid' > $TmpDir/pki-tps-group-del-group-007_2.out 2>&1" \ + 255 \ + "Verify expected error message - deleted group with max length and character symbols should not exist" + actual_error_string=`cat $TmpDir/pki-tps-group-del-group-007_2.out| grep 'GroupNotFoundException:' | xargs echo` + 
expected_error_string="GroupNotFoundException: Group $groupid not found" + if [[ $actual_error_string = $expected_error_string ]] ; then + rlPass "GroupNotFoundException: Group $groupid not found message found" + else + rlFail "GroupNotFoundException: Group $groupid not found message not found" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-008: Delete group from TPS with -t option" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + tps-group-add --description=\"g1description\" g1 > $TmpDir/pki-tps-group-add-009.out" \ + 0 \ + "Add group g1 to TPS" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + -t tps \ + group-del g1 > $TmpDir/pki-tps-group-del-group-009.out" \ + 0 \ + "Deleting group g1 using -t tps option" + rlAssertGrep "Deleted group \"g1\"" "$TmpDir/pki-tps-group-del-group-009.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g1" + errmsg="GroupNotFoundException: Group g1 not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group g1 should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-009: Should not be able to delete group using a revoked cert TPS_adminR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g2description\" g2 > $TmpDir/pki-group-add-tps-010.out" \ + 0 \ + "Add group g2 to TPS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g2" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g2 using a admin having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g2 > $TmpDir/pki-tps-group-show-001.out" \ + 0 \ + "Show group g2" + rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-show-001.out" + rlAssertGrep "Description: g2description" "$TmpDir/pki-tps-group-show-001.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-010: Should not be able to delete group using a agent with revoked cert TPS_agentR" + #Add a group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g3description\" g3 > $TmpDir/pki-group-add-tps-010.out" \ + 0 \ + "Add group g3 to TPS" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent having a revoked cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-tps-group-show-002.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-002.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-002.out" + rlAssertGrep "Description: 
g3description" "$TmpDir/pki-tps-group-show-002.out" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-011: Should not be able to delete group using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a valid agent cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-tps-group-show-003.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-003.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-003.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-show-003.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-012: Should not be able to delete group using a admin user with expired cert TPS_adminE" + #Set datetime 2 days ahead + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using an expired admin cert" + #Set datetime back on original + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962" + 
#Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-004.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-004.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-004.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-004.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-013: Should not be able to delete a group using TPS_agentE cert" + rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a agent cert" + + rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962" + rlRun "date --set='-2 days'" 0 "Set System back to the present day" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-005.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-005.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-005.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-005.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-014: Should not be able to delete group using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="ForbiddenException: Authorization Error" + 
errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a officer cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-006.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-006.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-006.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-006.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-015: Should not be able to delete group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a operator cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-007.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-007.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-007.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-007.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-016: Should not be able to delete group using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-del g3" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun 
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to delete group g3 using a untrusted cert" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-008.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-008.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-008.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-017: Should not be able to delete group using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_del_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_del_encoded_0025pkcs10.out > $TmpDir/pki_tps_group_del_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i 
$TmpDir/pki_tps_group_del_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g3" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g3 > $TmpDir/pki-tps-group-del-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-del-pkiUser1-0025.out" + #Make sure group is not deleted + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g3 > $TmpDir/pki-group-show-tps-009.out" \ + 0 \ + "Show group g3" + rlAssertGrep "Group \"g3\"" "$TmpDir/pki-group-show-tps-009.out" + rlAssertGrep "Group ID: g3" "$TmpDir/pki-group-show-tps-009.out" + rlAssertGrep "Description: g3description" "$TmpDir/pki-group-show-tps-009.out" + + #Cleanup:delete group g3 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g3 > $TmpDir/pki-group-del-tps-018.out 2>&1" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-018: delete group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-group-add-tps-001_19.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlAssertGrep "Added group \"ÖrjanÄke\"" "$TmpDir/pki-group-add-tps-001_19.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-group-add-tps-001_19.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-001_19_3.out 2>&1" \ + 0 \ + "Deleted gid ÖrjanÄke with i18n characters" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-001_19_3.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show 'ÖrjanÄke'" + errmsg="GroupNotFoundException: Group ÖrjanÄke not found" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÖrjanÄke' should not exist" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_del-019: delete groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÉricTêko' > $TmpDir/pki-group-add-tps-001_20.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlAssertGrep "Added group \"ÉricTêko\"" "$TmpDir/pki-group-add-tps-001_20.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tps-001_20.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show 'ÉricTêko' > $TmpDir/pki-group-add-tps-001_20_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-group-add-tps-001_20_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-group-add-tps-001_20_2.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÉricTêko' > 
$TmpDir/pki-group-del-tps-001_20_3.out 2>&1" \
+ 0 \
+ "Delete gid ÉricTêko with i18n characters"
+ rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-001_20_3.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show 'ÉricTêko'"
+ errmsg="GroupNotFoundException: Group ÉricTêko not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - deleted group 'ÉricTêko' should not exist"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_del_cleanup-004: Deleting the temp directory"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tps-group-del cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-find.sh
new file mode 100755
index 000000000..bf23eaf26
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-find.sh
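Review bot: In phase `pki_tps_group_cli_tps_group_del-003` of `pki-tps-group-cli-tps-group-del.sh`, the symbol group IDs (`abc#`, `abc$`, `abc?`) are interpolated unquoted into the `rlRun` command strings (`tps-group-add --description=test_group $grp`, `tps-group-del $grp`, and the `tps-group-show $grp` in `command=`). The shell re-parses them when the string is evaluated, so `abc?` is open to pathname expansion against the current directory and the special-character case is only exercised as long as nothing there matches. Quote the argument inside the string, as phases 007 and 018 of this file already do: `tps-group-del '$grp' > $TmpDir/pki-tps-group-del-group2-00$j.out`. Separately, the `rlLog` lines (and presumably `rlRun`'s own command logging) expand `-c $CERTDB_DIR_PASSWORD` and `-c $TEMP_NSS_DB_PASSWD` (hard-coded as `redhat123`) into the test journal; if these NSS databases are ever reused outside a throwaway host, the logged string should mask the password or the CLI should read it from a file. In phase 017 the second `certutil` call has unescaped inner quotes (`-t "u,u,u""`), which only works because the pieces concatenate; `-t \"u,u,u\"` would match the line above it.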
@@ -0,0 +1,631 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli +# Description: PKI tps-group-find CLI tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki cli commands needs to be tested: +# pki-tps-group-cli-tps-group-find To list groups in TPS. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Authors: Roshni Pattath +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-cert-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +######################################################################## +# Test Suite Globals +######################################################################## + +run_pki-tps-group-cli-tps-group-find_tests(){ +#### Create Temporary directory #### + + rlPhaseStartSetup "pki_tps_group_cli_tps_group_add-startup: Create temporary directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd +subsystemId=$1 +SUBSYSTEM_TYPE=$2 +MYROLE=$3 +caId=$4 +CA_HOST=$5 +get_topo_stack $MYROLE $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + elif [ "$MYROLE" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + else + prefix=$MYROLE + tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ]; then +TPS_HOST=$(eval echo \$${MYROLE}) +TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT) +CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT) +eval ${subsystemId}_adminV_user=${subsystemId}_adminV +eval ${subsystemId}_adminR_user=${subsystemId}_adminR +eval ${subsystemId}_adminE_user=${subsystemId}_adminE +eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA +eval ${subsystemId}_agentV_user=${subsystemId}_agentV +eval ${subsystemId}_agentR_user=${subsystemId}_agentR +eval ${subsystemId}_agentE_user=${subsystemId}_agentE +eval ${subsystemId}_officerV_user=${subsystemId}_officerV +eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV +ROOTCA_agent_user=${caId}_agentV + rlPhaseStartSetup "pki_tps_group_cli_tps_group_find-startup: Create temporary directory and add groups" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d 
$CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test_group g$i" + let i=$i+1 + done + rlPhaseEnd + +local TEMP_NSS_DB="$TmpDir/nssdb" +local TEMP_NSS_DB_PASSWD="redhat123" +local cert_info="$TmpDir/cert_info" + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-configtest-001: pki tps-group-find --help configuration test" + rlRun "pki tps-group-find --help > $TmpDir/tps_group_find.out 2>&1" 0 "pki tps-group-find --help" + rlAssertGrep "usage: tps-group-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/tps_group_find.out" + rlAssertGrep "\--size Page size" "$TmpDir/tps_group_find.out" + rlAssertGrep "\--start Page start" "$TmpDir/tps_group_find.out" + rlAssertGrep "\--help Show help options" "$TmpDir/tps_group_find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-configtest-002: pki tps-group-find configuration test" + command="pki tps-group-find" + errmsg="ProcessingException: Unable to invoke request" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-group-find" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-003: Find 5 groups, --size=5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=5 > $TmpDir/pki-tps-group-find-001.out 2>&1" \ + 0 \ + "Found 5 groups" + rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-find-001.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-004: Find no group, --size=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=0 > $TmpDir/pki-tps-group-find-002.out 2>&1" \ + 0 \ + "Found no groups" + rlAssertGrep "Number of entries returned 0" 
"$TmpDir/pki-tps-group-find-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-005: Find all groups, large value as input" + large_num=1000000 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=$large_num > $TmpDir/pki-tps-group-find-003.out 2>&1" \ + 0 \ + "Find all groups, large value as input" + result=`cat $TmpDir/pki-tps-group-find-003.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-006: Find all groups, --size with maximum possible value as input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup" | BC_LINE_LENGTH=0 bc) + rlLog "$maximum_check" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=$maximum_check > $TmpDir/pki-tps-group-find-003_2.out 2>&1" \ + 0 \ + "Find all groups, maximum possible value as input" + result=`cat $TmpDir/pki-tps-group-find-003_2.out | grep "Number of entries returned"` + number=`echo $result | cut -d " " -f 5` + if [ $number -gt 25 ] ; then + rlPass "Number of entries returned is more than 25 as expected" + else + + rlFail "Number of entries returned is not expected, Got: $number, Expected: > 25" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-007: Find all groups, --size more than maximum possible value" 
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --size=$maximum_check" + errmsg="NumberFormatException: For input string: $maximum_check" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - More than maximum possible value as input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-008: Find groups, check for negative input --size=-1" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --size=-1" + errmsg="size should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/861" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-009: Find groups for size input as noninteger, --size=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --size=$size_noninteger" + errmsg="NumberFormatException: For input string: $size_noninteger" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - size with characters should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-010: Find groups, check for no input --size=" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --size=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" 
\"$errorcode\"" 0 "Verify expected error message - size with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-011: Find groups, --start=10" + #Find the 10th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find > $TmpDir/pki-tps-group-find-007_1.out 2>&1" \ + 0 \ + "Get all groups in TPS" + group_entry_10=`cat $TmpDir/pki-tps-group-find-007_1.out | grep "Group ID" | head -11 | tail -1` + rlLog "10th entry=$group_entry_10" + + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=10 > $TmpDir/pki-tps-group-find-007.out 2>&1" \ + 0 \ + "Displays groups from the 10th group and the next to the maximum 20 groups, if available " + #First group in the response should be the 10th group $group_entry_10 + group_entry_1=`cat $TmpDir/pki-tps-group-find-007.out | grep "Group ID" | head -1` + rlLog "1st entry=$group_entry_1" + if [ "$group_entry_1" = "$group_entry_10" ]; then + rlPass "Displays groups from the 10th group" + else + rlFail "Display did not start from the 10th group" + fi + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-012: Find groups, --start=10000, large possible input" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=10000 > $TmpDir/pki-tps-group-find-008.out 2>&1" \ + 0 \ + "Find users, --start=10000, large possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-008.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-013: Find groups, --start 
with maximum possible input" + randhex=$(openssl rand -hex 3 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=$maximum_check" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=$maximum_check > $TmpDir/pki-tps-group-find-008_2.out 2>&1" \ + 0 \ + "Find groups, --start with maximum possible input" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-008_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-014: Find groups, --start with more than maximum possible input" + randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//') + randhex_covup=${randhex^^} + maximum_check=$(echo "ibase=16;$randhex_covup"|bc) + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=$maximum_check" + errmsg="NumberFormatException: For input string: \"$maximum_check\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Find users, --start with more than maximum possible input should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-015: Find groups, --start=0" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=0 > $TmpDir/pki-tps-group-find-009.out 2>&1" \ + 0 \ + "Displays from the zeroth user, maximum possible are 20 users in a page" + rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-group-find-009.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-016: Find groups, --start=-1" + 
command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=-1" + errmsg="start should not have value less than 0" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with negative value should fail" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/929" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-017: Find groups for size input as noninteger, --start=abc" + size_noninteger="abc" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=$size_noninteger" + errmsg="NumberFormatException: For input string: \"$size_noninteger\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with non integer value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-018: Find groups, check for no input --start= " + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=" + errmsg="NumberFormatException: For input string: \"""\"" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - start with empty value should fail" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-019: Find groups, --size=12 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find > $TmpDir/pki-tps-group-find-00_13_1.out 2>&1" \ + 0 \ + "Get all groups in TPS" + group_entry_12=`cat $TmpDir/pki-tps-group-find-00_13_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=12 --size=12 > $TmpDir/pki-tps-group-find-0013.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and the next to the maximum 12 groups" + #First group in the response should be the 12th group $group_entry_12 + group_entry_1=`cat $TmpDir/pki-tps-group-find-0013.out | grep "Group ID" | head -1` + if [ "$group_entry_1" = "$group_entry_12" ]; then + rlPass "Displays groups from the 12th group" + else + rlFail "Display did not start from the 12th group" + fi + rlAssertGrep "Number of entries returned 12" "$TmpDir/pki-tps-group-find-0013.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-020: Find groups, --size=0 --start=12" + #Find 12 groups starting from 12th group + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find > $TmpDir/pki-tps-group-find-00_14_1.out 2>&1" \ + 0 \ + "Get all groups in TPS" + group_entry_12=`cat $TmpDir/pki-tps-group-find-00_14_1.out | grep "Group ID" | head -13 | tail -1` + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=12 --size=0 > $TmpDir/pki-tps-group-find-0014.out 2>&1" \ + 0 \ + "Displays groups from the 12th group and 0 groups" + rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-find-0014.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-021: Should not be able to find group using a revoked cert TPS_adminR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able 
to find users using a revoked admin cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-022: Should not be able to find groups using an agent with revoked cert TPS_agentR" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find users using a revoked agent cert" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134" + rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-023: Should not be able to find groups using a valid agent TPS_agentV user" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid agent cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-024: Should not be able to find groups using admin user with expired cert TPS_adminE" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to 
find groups using a expired admin cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-025: Should not be able to find groups using TPS_agentE cert" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date --set='next day'" 0 "Set System date a day ahead" + rlRun "date" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a expired agent cert" + rlRun "date --set='2 days ago'" 0 "Set System back to the present day" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-026: Should not be able to find groups using a TPS_officerV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid officer cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-027: Should not be able to find groups using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using a valid operator 
cert" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-028: Should not be able to find groups using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find --start=1 --size=5" + errmsg="PKIException: Unauthorized" + errocode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to find groups using TPS_adminUTCA" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-029: Should not be able to find groups using a user cert" + #Create a user cert + rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \ + algo:rsa key_size:2048 subject_cn:\"pki User1\" subject_uid:pkiUser1 subject_email:pkiuser1@example.org \ + organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_find_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_find_encoded_0029pkcs10.out > $TmpDir/pki_tps_group_find_encoded_0029pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tps_group_find_encoded_0029pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + 
-n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=1 --size=5" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser1 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --start=1 --size=5 > $TmpDir/pki-tps-group-find-pkiUser1-002.out 2>&1" 255 "Should not be able to find groups using a user cert" + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-find-pkiUser1-002.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-030: find groups when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='Örjan Äke' 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='Örjan Äke' 'ÖrjanÄke' > $TmpDir/pki-tps-group-find-001_31.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=1000 > $TmpDir/pki-tps-group-show-001_31_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-show-001_31_2.out" + rlAssertGrep "Description: Örjan Äke" "$TmpDir/pki-tps-group-show-001_31_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-031: find group when group id has i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='Éric Têko' 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n 
$(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description='Éric Têko' 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_32.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=1000" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find --size=1000 > $TmpDir/pki-tps-group-show-001_32_2.out" \ + 0 \ + "Find group with max size" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-show-001_32_2.out" + rlAssertGrep "Description: Éric Têko" "$TmpDir/pki-tps-group-show-001_32_2.out" + rlPhaseEnd + + #pki group-find with filters + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-032: find group - filter 'Administrator'" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find Administrator" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-find Administrator > $TmpDir/pki-tps-group-show-033.out" \ + 0 \ + "Find group with Keyword Administrator" + rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-show-033.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_find-033: find group should fail when filter keyword has less than 3 characters" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-find CA" + errmsg="BadRequestException: Filter is too short." 
+ errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - pki tps-group-find should fail if the filter has less than 3 characters" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_group_cleanup-001: Deleting groups" + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 25 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g$i > $TmpDir/pki-group-del-tps-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tps-group-00$i.out" + let i=$i+1 + done + + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-group-i18n_2.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tps-group-find cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} 
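Review bot: In test 028 (certificate from an untrusted CA) the expected exit code is assigned to `errocode=255`, so `verifyErrorMsg` receives whatever `errorcode` test 027 left behind; it should read `errorcode=255` so this negative authentication check does not pass by coincidence. Tests 024 and 025 move the system clock forward with two `date --set='next day'` calls and restore it with `date --set='2 days ago'` only on the straight-line path, so an interrupted run would leave the host two days ahead and skew later certificate-validity checks; restoring the clock from a trap or a cleanup phase would be safer. The `rlLog "pki -d $CERTDB_DIR ... -c $CERTDB_DIR_PASSWORD ..."` lines (tests 006, 011, 013, 030–032) write the NSS database password into the test log, and logging the command with `-c <redacted>` would keep it out of archived results. In test 029 the inner quotes of `-t "u,u,u"` are not escaped inside the double-quoted `rlRun` string, unlike `-t \"CT,CT,CT\"` on the line before; `-t \"u,u,u\"` would make the quoting explicit.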
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-add.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-add.sh
new file mode 100755
index 000000000..972c26d34
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-add.sh
@@ -0,0 +1,1065 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-cli-tps-group-membership-add CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-group-cli-tps-group-member-add Add group member.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-group-cli-tps-group-member-add.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-tps-group-cli-tps-group-member-add_tests(){
+ rlPhaseStartSetup "pki_tps_group_cli_tps_group_membership-add-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local
TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="TPS Operators"
+ groupid4="Administrators"
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-002: pki tps-group-member configuration test"
+ rlRun "pki tps-group-member > $TmpDir/pki_tps_group_member_cfg.out 2>&1" \
+ 0 \
+ "pki tps-group-member"
+ rlAssertGrep "Commands:" "$TmpDir/pki_tps_group_member_cfg.out"
+ rlAssertGrep "tps-group-member-find Find group members" "$TmpDir/pki_tps_group_member_cfg.out"
+ rlAssertGrep "tps-group-member-add Add group member" "$TmpDir/pki_tps_group_member_cfg.out"
+ rlAssertGrep "tps-group-member-del Remove group member" "$TmpDir/pki_tps_group_member_cfg.out"
+ rlAssertGrep "tps-group-member-show Show group member" "$TmpDir/pki_tps_group_member_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-003: pki tps-group-member-add --help configuration test"
+ rlRun "pki tps-group-member-add --help > $TmpDir/pki_tps_group_member_add_cfg.out 2>&1" \
+ 0 \
+ "pki tps-group-member-add --help"
+ rlAssertGrep "usage: tps-group-member-add \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_add_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_add_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-004: pki tps-group-member-add configuration test"
+ rlRun "pki tps-group-member-add > $TmpDir/pki_tps_group_member_add_2_cfg.out 2>&1" \
+ 255 \
+ "pki tps-group-member-add"
+ rlAssertGrep "Error: Incorrect number of arguments specified."
"$TmpDir/pki_tps_group_member_add_2_cfg.out"
+ rlAssertGrep "usage: tps-group-member-add \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_add_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_add_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-005: Add users to available groups using valid admin user TPS_adminV"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-add-group-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-add-group-add-00$i.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-show u$i > $TmpDir/pki-tps-group-member-add-group-show-00$i.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"u$i\"" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-add-group-show-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo
\$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-add-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-add-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-add-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-add-groupadd-find-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-add-groupadd-find-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-006: Add a user to all available groups using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-add-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-add-user-add-userall-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-show userall > $TmpDir/pki-tps-group-member-add-user-show-userall-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"userall\"" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "User ID: userall"
"$TmpDir/pki-tps-group-member-add-user-show-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-add-user-show-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-add-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-add-groupadd-find-userall-00$i.out" \
+ 0 \
+ "User added to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-add-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-007: Add a user to same group multiple times"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-group-member-add-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out"
+ rlAssertGrep "Full
name: fullName_user1" "$TmpDir/pki-tps-group-member-add-user-add-user1-001.out"
+ rlLog "Showing the user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-show user1 > $TmpDir/pki-tps-group-member-add-user-show-user1-001.out" \
+ 0 \
+ "Show pki TPS_adminV user"
+ rlAssertGrep "User \"user1\"" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-add-user-show-user1-001.out"
+ rlLog "Adding the user to the same groups twice"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"Administrators\" user1 > $TmpDir/pki-tps-group-member-add-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tps-group-member-add-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" user1"
+ errmsg="ConflictingOperationException: Attribute or value exists."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - cannot add user to the same group more than once"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-008: should not be able to add user to a non existing group"
+ dummy_group="nonexisting_bogus_group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-group-member-add-user-add-user1-008.out" \
+ 0 \
+ "Adding user testuser1"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"$dummy_group\" testuser1"
+ errmsg="GroupNotFoundException: Group $dummy_group not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - should not be able to add user to a non existing group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-009: Should be able to tps-group-member-add groupid with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=u14 u14"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='u14' u14" \
+ 0 \
+ "Adding uid u14"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-add-groupadd-010_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group
\"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-add-groupadd-010_1.out"
+ rlLog "Adding the user to the dadministʁasjɔ̃ group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"dadministʁasjɔ̃\" u14 > $TmpDir/pki-tps-group-member-add-groupadd-010_2.out" \
+ 0 \
+ "Adding user u14 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u14\"" "$TmpDir/pki-tps-group-member-add-groupadd-010_2.out"
+ rlAssertGrep "User: u14" "$TmpDir/pki-tps-group-member-add-groupadd-010_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tps-group-member-add-groupadd-find-010_3.out" \
+ 0 \
+ "Check user u14 added to group dadministʁasjɔ̃"
+ rlAssertGrep "User: u14" "$TmpDir/pki-tps-group-member-add-groupadd-find-010_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-010: Should not be able to tps-group-member-add using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-011: Should not be
able to tps-group-member-add using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"$groupid7\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using an agent with revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-012: Should not be able to tps-group-member-add using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using admin user with expired cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-013: Should not be able to tps-group-member-add using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using TPS_agentE cert"
+ rlLog "PKI Ticket::
https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-014: Should not be able to tps-group-member-add using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using TPS_officerV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-015: Should not be able to tps-group-member-add using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using TPS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-016: Should not be able to tps-group-member-add using TPS_adminUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using TPS_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-017: Should not be able to tps-group-member-add using TPS_agentUTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\"
testuser1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using TPS_agentUTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-018: User associated with Administrators group only can create a new user"
+ i=2
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ if [ "$gid" = "Administrators" ] ; then
+ rlLog "Not adding testuser1 to $gid group"
+ else
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out" \
+ 0 \
+ "Adding user testuser1 to group \"$gid\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-testuser1-00$i.out"
+ fi
+ let i=$i+1
+ done
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber |
cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.out > $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"testuser1\" -i $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem -t \"u,u,u\""
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add testuser1 --input $TmpDir/pki_tps_group_member_add_encoded_0019pkcs10.pem > $TmpDir/useraddcert_019_2.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT tps-user-add --fullName=test_user u39"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "tps-user-add operation should fail when authenticating using a user cert"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+
+ #Add testuser1 to Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$groupid4\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out 2>&1" \
+ 0 \
+ "Adding user testuser1 to group \"$groupid4\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-usertest1-019_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+
-n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find $groupid4 > $TmpDir/pki-tps-group-member-add-groupadd-find-usertest1-019_3.out" \
+ 0 \
+ "Check group-member for user testuser1"
+ rlAssertGrep "User: testuser1" "$TmpDir/pki-tps-group-member-add-groupadd-find-usertest1-019_3.out"
+
+ #Trying to add a user using testuser1 should succeed now since testuser1 is in Administrators group
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=test_user us19 > $TmpDir/pki-tps-user-add-019_4.out" \
+ 0 \
+ "Added new user using Admin user testuser1"
+ rlAssertGrep "Added user \"us19\"" "$TmpDir/pki-tps-user-add-019_4.out"
+ rlAssertGrep "User ID: us19" "$TmpDir/pki-tps-user-add-019_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-tps-user-add-019_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-019: Should not be able to tps-group-member-add using TPS_agentV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"Administrators\" testuser1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-add using TPS_agentV cert"
+ rlPhaseEnd
+
+ #Usability test
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-020: Should not be able to add a non existing user to a group"
+ user="non-existing-user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-add \"$groupid6\" $user"
+ errmsg="UserNotFoundException: User $user not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add group-member to user that does
not exist"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/1024"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-021: Add a group and add a user to the group using valid admin user TPS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"g1description\" g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"g1description\" g1 > $TmpDir/pki-tps-group-member-add-group-add-022.out" \
+ 0 \
+ "Adding group g1"
+ rlAssertGrep "Added group \"g1\"" "$TmpDir/pki-tps-group-member-add-group-add-022.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-member-add-group-add-022.out"
+ rlAssertGrep "Description: g1description" "$TmpDir/pki-tps-group-member-add-group-add-022.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu9\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu9\" u9 > $TmpDir/pki-tps-group-member-add-user-add-022.out" \
+ 0 \
+ "Adding user u9"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-tps-group-member-add-user-add-022.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-tps-group-member-add-user-add-022.out"
+ rlAssertGrep "Full name: fullNameu9" "$TmpDir/pki-tps-group-member-add-user-add-022.out"
+ rlLog "Adding the user to a group"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add g1 u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h
$TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add g1 u9 > $TmpDir/pki-tps-group-member-add-groupadd-022.out" \
+ 0 \
+ "Adding user u9 to group g1"
+ rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tps-group-member-add-groupadd-022.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-add-groupadd-022.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find g1 > $TmpDir/pki-tps-group-member-add-groupadd-find-022.out" \
+ 0 \
+ "User added to group g1"
+ rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-add-groupadd-find-022.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-022: Add two group and add a user to the two different group using valid admin user TPS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"g2description\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"g2description\" g2 > $TmpDir/pki-tps-group-member-add-group-add-023.out" \
+ 0 \
+ "Adding group g2"
+ rlAssertGrep "Added group \"g2\"" "$TmpDir/pki-tps-group-member-add-group-add-023.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-member-add-group-add-023.out"
+ rlAssertGrep "Description: g2description" "$TmpDir/pki-tps-group-member-add-group-add-023.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"g3description\" g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add
--description=\"g3description\" g3 > $TmpDir/pki-tps-group-member-add-group-add-023_1.out" \
+ 0 \
+ "Adding group g3"
+ rlAssertGrep "Added group \"g3\"" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out"
+ rlAssertGrep "Description: g3description" "$TmpDir/pki-tps-group-member-add-group-add-023_1.out"
+
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu10\" u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu10\" u10 > $TmpDir/pki-tps-group-member-add-user-add-023.out" \
+ 0 \
+ "Adding user u10"
+ rlAssertGrep "Added user \"u10\"" "$TmpDir/pki-tps-group-member-add-user-add-023.out"
+ rlAssertGrep "User ID: u10" "$TmpDir/pki-tps-group-member-add-user-add-023.out"
+ rlAssertGrep "Full name: fullNameu10" "$TmpDir/pki-tps-group-member-add-user-add-023.out"
+ rlLog "Adding the user u10 to group g2"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add g2 u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add g2 u10 > $TmpDir/pki-tps-group-member-add-groupadd-023.out" \
+ 0 \
+ "Adding user u10 to group g2"
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-add-groupadd-023.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-023.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find g2 >
$TmpDir/pki-tps-group-member-add-groupadd-find-023.out" \ + 0 \ + "User added to group g2" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-find-023.out" + rlLog "Adding the user u10 to group g3" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add g3 u10" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add g3 u10 > $TmpDir/pki-tps-group-member-add-groupadd-023_1.out" \ + 0 \ + "Adding user u10 to group g3" + rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-add-groupadd-023_1.out" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-023_1.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-find g3 > $TmpDir/pki-tps-group-member-add-groupadd-find-023_1.out" \ + 0 \ + "User added to group g3" + rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-add-groupadd-find-023_1.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-023: Add a group, add a user to the group and delete the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g4description\" gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g4description\" gr4 > $TmpDir/pki-tps-group-member-add-group-add-024.out" \ + 0 \ + "Adding group gr4" + rlAssertGrep "Added group \"gr4\"" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlAssertGrep "Group ID: gr4" 
"$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlAssertGrep "Description: g4description" "$TmpDir/pki-tps-group-member-add-group-add-024.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameu11\" u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameu11\" u11 > $TmpDir/pki-tps-group-member-add-user-add-024.out" \ + 0 \ + "Adding user u11" + rlAssertGrep "Added user \"u11\"" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlAssertGrep "User ID: u11" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlAssertGrep "Full name: fullNameu11" "$TmpDir/pki-tps-group-member-add-user-add-024.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add gr4 u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add gr4 u11 > $TmpDir/pki-tps-group-member-add-groupadd-024.out" \ + 0 \ + "Adding user u11 to group gr4" + rlAssertGrep "Added group member \"u11\"" "$TmpDir/pki-tps-group-member-add-groupadd-024.out" + rlAssertGrep "User: u11" "$TmpDir/pki-tps-group-member-add-groupadd-024.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-find gr4 > $TmpDir/pki-tps-group-member-add-groupadd-find-024.out" \ + 0 \ + "User added to group gr4" + rlAssertGrep "User: u11" "$TmpDir/pki-tps-group-member-add-groupadd-find-024.out" + #Deleting group gr4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del gr4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del gr4 > $TmpDir/pki-tps-group-member-add-groupdel-024.out" \ + 0 \ + "Deleting group gr4" + rlAssertGrep "Deleted group \"gr4\"" "$TmpDir/pki-tps-group-member-add-groupdel-024.out" + #Checking for user-membership + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-membership-find u11" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-membership-find u11 > $TmpDir/pki-tps-group-member-add-usermembership-024.out" \ + 0 \ + "Checking for user membership of u11" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-add-usermembership-024.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-024: Add a group, add a user to the group and modify the group using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g5description\" g4" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g5description\" g4 > $TmpDir/pki-tps-group-member-add-group-add-025.out" \ + 0 \ + "Adding group g4" + rlAssertGrep "Added group \"g4\"" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlAssertGrep "Description: g5description" "$TmpDir/pki-tps-group-member-add-group-add-025.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameu12\" u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameu12\" u12 > $TmpDir/pki-tps-group-member-add-user-add-025.out" \ + 0 \ + "Adding user u12" + rlAssertGrep "Added user \"u12\"" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlAssertGrep "User ID: u12" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlAssertGrep "Full name: fullNameu12" "$TmpDir/pki-tps-group-member-add-user-add-025.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add g4 u12" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add g4 u12 > $TmpDir/pki-tps-group-member-add-groupadd-025.out" \ + 0 \ + "Adding user u12 to group g4" + rlAssertGrep "Added group member \"u12\"" "$TmpDir/pki-tps-group-member-add-groupadd-025.out" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-group-member-add-groupadd-025.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-find g4 > $TmpDir/pki-tps-group-member-add-groupadd-find-025.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u12" "$TmpDir/pki-tps-group-member-add-groupadd-find-025.out" + #Modifying group g4 + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-mod g4 --decription=\"Modified group\"" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo 
\$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-mod g4 --description=\"Modified group\" > $TmpDir/pki-tps-group-member-add-groupmod-025.out" \ + 0 \ + "Modifying group g4" + rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlAssertGrep "Description: Modified group" "$TmpDir/pki-tps-group-member-add-groupmod-025.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-025: Add a group, add a user to the group, run tps-user-membership-del on the user and run tps-group-member-find using valid admin user TPS_adminV" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g5description\" g5" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=\"g6description\" g5 > $TmpDir/pki-tps-group-member-add-group-add-026.out" \ + 0 \ + "Adding group g5" + rlAssertGrep "Added group \"g5\"" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlAssertGrep "Description: g6description" "$TmpDir/pki-tps-group-member-add-group-add-026.out" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameu13\" u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameu13\" u13 > $TmpDir/pki-tps-group-member-add-user-add-026.out" \ + 0 \ + "Adding user u13" + rlAssertGrep "Added user \"u13\"" 
"$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlAssertGrep "User ID: u13" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlAssertGrep "Full name: fullNameu13" "$TmpDir/pki-tps-group-member-add-user-add-026.out" + rlLog "Adding the user to a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add g5 u13" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-add g5 u13 > $TmpDir/pki-tps-group-member-add-groupadd-026.out" \ + 0 \ + "Adding user u13 to group g5" + rlAssertGrep "Added group member \"u13\"" "$TmpDir/pki-tps-group-member-add-groupadd-026.out" + rlAssertGrep "User: u13" "$TmpDir/pki-tps-group-member-add-groupadd-026.out" + rlLog "Check if the user is added to the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-find g5 > $TmpDir/pki-tps-group-member-add-groupadd-find-026.out" \ + 0 \ + "User added to group g5" + rlAssertGrep "User: u13" "$TmpDir/pki-tps-group-member-add-groupadd-find-026.out" + #run user-membership-del on u13 + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-membership-del u13 g5 > $TmpDir/pki-tps-group-member-add-user-membership-del-026.out" \ + 0 \ + "user-membership-del on u13" + rlAssertGrep "Deleted membership in group \"g5\"" "$TmpDir/pki-tps-group-member-add-user-membership-del-026.out" + #find group members + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-find g5 > $TmpDir/pki-tps-group-member-add-group-member-find-026.out" \ + 0 \ + "Find member in group g5" + rlAssertGrep 
"0 entries matched" "$TmpDir/pki-tps-group-member-add-group-member-find-026.out" + rlPhaseEnd + rlPhaseStartTest "pki_tps_group_cli_tps_group_member-add-cleanup-001: Deleting the temp directory and users and groups" + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 5 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del u$i > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" + let i=$i+1 + done + i=9 + while [ $i -lt 15 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del u$i > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" \ + 0 \ + "Deleting user u$i" + rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-00$i.out" + let i=$i+1 + done + i=1 + while [ $i -lt 6 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g$i > $TmpDir/pki-user-del-tps-group-member-add-group-del-tps-00$i.out" \ + 0 \ + "Deleting group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-user-del-tps-group-member-add-group-del-tps-00$i.out" + let i=$i+1 + done + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del userall > $TmpDir/pki-group-del-tps-group-member-add-user-del-tps-userall-001.out" \ + 0 \ + "Deleting user userall" + rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-group-del-tps-group-member-add-user-del-tps-userall-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del user1 > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-user1-001.out" \ + 0 \ + "Deleting user user1" + rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-user1-001.out" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del us19 > $TmpDir/pki-user-del-tps-group-member-add-user-del-tps-u13-001.out" \ + 0 \ + "Deleting user us19" + rlAssertGrep "Deleted user \"us19\"" "$TmpDir/pki-user-del-tps-group-member-add-user-del-tps-u13-001.out" + #===Deleting users created using TPS_adminV cert===# + i=1 + while [ $i -lt 2 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-del testuser$i > $TmpDir/pki-group-member-add-tps-user-00$i.out" \ + 0 \ + "Deleting user testuser$i" + rlAssertGrep "Deleted user \"testuser$i\"" "$TmpDir/pki-group-member-add-tps-user-00$i.out" + let i=$i+1 + done + + #===Deleting i18n group created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleting group dadministʁasjɔ̃" + rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + #Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tps-group-member-add cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-del.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-del.sh
new file mode 100755
index 000000000..efa095ceb
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-del.sh
@@ -0,0 +1,771 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-member-del CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-group-cli-tps-group-member-del.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_pki-tps-group-cli-tps-group-member-del_tests(){
+ #Available groups tps-group-member-del
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="TPS Operators"
+ groupid4="Administrators"
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+#Available groups tps-group-member-del
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="TPS Operators"
+ groupid4="Administrators"
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-002: pki tps-group-member-del --help configuration test"
+ rlRun "pki tps-group-member-del --help > $TmpDir/pki_tps_group_member_del_cfg.out 2>&1" \
+ 0 \
+ "pki tps-group-member-del --help"
+ rlAssertGrep "usage: tps-group-member-del \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_del_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_del_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-003: pki tps-group-member-del configuration test"
+ rlRun "pki tps-group-member-del > $TmpDir/pki_tps_group_member_del_2_cfg.out 2>&1" \
+ 255 \
+ "pki tps-group-member-del"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tps_group_member_del_2_cfg.out"
+ rlAssertGrep "usage: tps-group-member-del \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_del_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_del_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-004: Delete tps-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-del-user-add-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-del-user-add-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-del-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-del-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-del-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-del-groupadd-find-00$i.out" \
+ 0 \
+ "Check user is in group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-del-groupadd-find-00$i.out"
+ rlLog "Delete the user from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del \"$gid\" u$i > $TmpDir/pki-tps-group-member-del-groupdel-del-00$i.out" \
+ 0 \
+ "User deleted from group \"$gid\""
+ rlAssertGrep "Deleted group member \"u$i\"" "$TmpDir/pki-tps-group-member-del-groupdel-del-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-005: Delete tps-group-member from all the groups that user is associated with"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-del-user-add-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-del-user-add-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-del-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Check group members with group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-del-groupadd-find-userall-00$i.out"
+ let i=$i+1
+ done
+ rlLog "Delete user from all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del \"$gid\" userall > $TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out" \
+ 0 \
+ "Delete userall from group \"$gid\""
+ rlAssertGrep "Deleted group member \"userall\"" "$TmpDir/pki-tps-group-member-del-groupadd-userall-00$i.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-006: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_user1\" user1 > $TmpDir/pki-tps-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user1"
+ rlAssertGrep "Added user \"user1\"" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user1" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user1" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"Administrators\" user1 > $TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user1\"" "$TmpDir/pki-tps-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del user1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tps-group-member without specifying group ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-007: Missing required option while deleting a user from a group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_user2\" user2 > $TmpDir/pki-tps-group-member-del-user-add-user1-001.out" \
+ 0 \
+ "Adding user user2"
+ rlAssertGrep "Added user \"user2\"" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "User ID: user2" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlAssertGrep "Full name: fullName_user2" "$TmpDir/pki-tps-group-member-del-user-add-user1-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"Administrators\" user2 > $TmpDir/pki-tps-group-member-del-groupadd-user1-001.out" \
+ 0 \
+ "Adding user user2 to group \"Administrators\""
+ rlAssertGrep "Added group member \"user2\"" "$TmpDir/pki-tps-group-member-del-groupadd-user1-001.out"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del Administrators"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tps-group-member without specifying member ID"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-008: Should not be able to tps-group-member-del using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-009: Should not be able to tps-group-member-del using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete tps-group-member using a revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-010: Should not be able to tps-group-member-del using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to delete group members using a valid agent cert TPS_agentV"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-011: Should not be able to tps-group-member-del using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-del using admin user with expired cert TPS_adminE"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-012: Should not be able to tps-group-member-del using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-del using TPS_agentE cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-013: Should not be able to tps-group-member-del using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-del using TPS_officerV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-014: Should not be able to tps-group-member-del using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-del using TPS_operatorV cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-015: Should not be able to tps-group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del 'Administrators' user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-del using TPS_adminUTCA cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-016: Should not be able to tps-group-member-del using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user2"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to tps-group-member-del using role_user_UTCA cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-017: Delete tps-group-member for user id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='u10' u10"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='u10' 'u10'" \
+ 0 \
+ "Adding uid u10"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-del-groupadd-017_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-del-groupadd-017_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"dadministʁasjɔ̃\" 'u10'"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"dadministʁasjɔ̃\" 'u10' > $TmpDir/pki-tps-group-member-del-groupadd-017_2.out" \
+ 0 \
+ "Adding user u10 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u10\"" "$TmpDir/pki-tps-group-member-del-groupadd-017_2.out"
+ rlAssertGrep "User: u10" "$TmpDir/pki-tps-group-member-del-groupadd-017_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p
$TPS_PORT \ + tps-group-member-del 'dadministʁasjɔ̃' 'u10' > $TmpDir/pki-tps-group-member-del-017_3.out" \ + 0 \ + "Delete group member from group \"dadministʁasjɔ̃\"" + rlAssertGrep "Deleted group member \"u10\"" "$TmpDir/pki-tps-group-member-del-017_3.out" + rlLog "Check if the user is removed from the group" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-member-find 'dadministʁasjɔ̃' > $TmpDir/pki-tps-group-member-del-groupadd-find-017_4.out" \ + 0 \ + "Find group members of group \"dadministʁasjɔ̃\"" + rlAssertGrep "0 entries matched" "$TmpDir/pki-tps-group-member-del-groupadd-find-017_4.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-018: Delete group member when uid is not associated with a group" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameuser123\" user123 " + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-user-add --fullName=\"fullNameuser123\" user123 > $TmpDir/pki-tps-group-member-del-user-del-019.out" \ + 0 \ + "Adding user user123" + rlAssertGrep "Added user \"user123\"" "$TmpDir/pki-tps-group-member-del-user-del-019.out" + rlAssertGrep "User ID: user123" "$TmpDir/pki-tps-group-member-del-user-del-019.out" + rlAssertGrep "Full name: fullNameuser123" "$TmpDir/pki-tps-group-member-del-user-del-019.out" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-del \"Administrators\" user123" + errmsg="ResourceNotFoundException: No such attribute." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Delete tps-group-member when uid is not associated with a group"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-019: Deleting a user that has membership with groups removes the user from the groups"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu20\" u20 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu20\" u20 > $TmpDir/pki-tps-group-member-del-user-del-020.out" \
+ 0 \
+ "Adding user u20"
+ rlAssertGrep "Added user \"u20\"" "$TmpDir/pki-tps-group-member-del-user-del-020.out"
+ rlAssertGrep "User ID: u20" "$TmpDir/pki-tps-group-member-del-user-del-020.out"
+ rlAssertGrep "Full name: fullNameu20" "$TmpDir/pki-tps-group-member-del-user-del-020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"Administrators\" u20 > $TmpDir/pki-tps-group-member-add-groupadd-20_2.out" \
+ 0 \
+ "Adding user u20 to group \"Administrators\""
+ rlAssertGrep "Added group member \"u20\"" "$TmpDir/pki-tps-group-member-add-groupadd-20_2.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find Administrators > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_4.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertGrep "User: u20" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_4.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u20 > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_6.out" \
+ 0 \
+ "Delete user u20"
+ rlAssertGrep "Deleted user \"u20\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_6.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find Administrators > $TmpDir/pki-user-del-tps-group-member-find-user-del-20_7.out" \
+ 0 \
+ "List members of Administrators group"
+ rlAssertNotGrep "User: u20" "$TmpDir/pki-user-del-tps-group-member-find-user-del-20_7.out"
+ rlPhaseEnd
+
+ #Usability tests
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-020: User deleted from Administrators group cannot create a new user"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_user1\" testuser1 > $TmpDir/pki-tps-group-member-del-user-add-0021.out" \
+ 0 \
+ "Adding user testuser1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"Administrators\" testuser1 > $TmpDir/pki-tps-group-member-add-groupadd-21_2.out" \
+ 0 \
+ "Adding user testuser1 to group \"Administrators\""
+ rlAssertGrep "Added group member \"testuser1\"" "$TmpDir/pki-tps-group-member-add-groupadd-21_2.out"
+
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"testuser1\" subject_uid:testuser1 subject_email:testuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out > $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n testuser1 -i $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.out -t "u,u,u""
+
+ #Add certificate to the user
+ rlRun "pki -d $CERTDB_DIR/ \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-cert-add testuser1 --input $TmpDir/pki_tps_group_member_del_encoded_0021pkcs10.pem > $TmpDir/useraddcert_021_3.out" \
+ 0 \
+ "Cert is added to the user testuser1"
+
+ #Add a new user using testuser1
+ rlLog "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='test_user' u9"
+ rlRun "pki -d $TEMP_NSS_DB/ \
+ -n testuser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='test_user' u9 > $TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "Added user \"u9\"" "$TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "User ID: u9" "$TmpDir/pki-user-add-tps-021_4.out"
+ rlAssertGrep "Full name: test_user" "$TmpDir/pki-user-add-tps-021_4.out"
+
+ #Delete testuser1 from the Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del \"Administrators\" testuser1 > $TmpDir/pki-tps-group-member-del-groupdel-del-021_5.out" \
+ 0 \
+ "User deleted from group \"Administrators\""
+ rlAssertGrep "Deleted group member \"testuser1\"" "$TmpDir/pki-tps-group-member-del-groupdel-del-021_5.out"
+
+ #Trying to add a user using testuser1 should fail since testuser1 is not in Administrators group
+ command="pki -d $TEMP_NSS_DB -n testuser1 -c $TEMP_NSS_DB_PASSWD -h $TPS_HOST -p $TPS_PORT tps-user-add --fullName=test_user u212"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to add users using non Administrator"
+
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ #Usability tests
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-022: Delete group and check for user membership"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='Test User2' testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='Test User2' testuser2 2>&1> /tmp/new_user.out" \
+ 0 \
+ "Adding uid testuser2 "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add group1 --description=\"New Group\" 2>&1 > $TmpDir/pki-tps-group-member-del-groupadd-022_1.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out"
+ rlAssertGrep "Description: New Group" "$TmpDir/pki-tps-group-member-del-groupadd-022_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"group1\" testuser2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"group1\" testuser2 > $TmpDir/pki-tps-group-member-del-groupadd-022_2.out" \
+ 0 \
+ "Adding user testuser2 to group \"group1\""
+ rlAssertGrep "Added group member \"testuser2\"" "$TmpDir/pki-tps-group-member-del-groupadd-022_2.out"
+ rlAssertGrep "User: testuser2" "$TmpDir/pki-tps-group-member-del-groupadd-022_2.out"
+ rlLog "Delete group member from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del 'group1' > $TmpDir/pki-tps-group-member-del-022_3.out" \
+ 0 \
+ "Delete group \"group1\""
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-tps-group-member-del-022_3.out"
+ rlLog "Check if the user is removed from the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-membership-find testuser2 > $TmpDir/pki-tps-group-member-del-groupadd-find-022_4.out" \
+ 0 \
+ "Find user-membership of testuser2"
+ rlAssertNotGrep "Group: group1" "$TmpDir/pki-tps-group-member-del-groupadd-find-022_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-del-cleanup-001: Deleting the temp directory and users"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u$i > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ i=9
+ while [ $i -lt 11 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u$i > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del userall > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del user1 > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user user1"
+ rlAssertGrep "Deleted user \"user1\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del user2 > $TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out" \
+ 0 \
+ "Deleted user user2"
+ rlAssertGrep "Deleted user \"user2\"" "$TmpDir/pki-user-del-tps-group-member-del-user-del-tps-userall-001.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del user123 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-user123.out" \
+ 0 \
+ "Deleted user user123"
+ rlAssertGrep "Deleted user \"user123\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-user123.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del testuser1 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser1.out" \
+ 0 \
+ "Deleted user testuser1"
+ rlAssertGrep "Deleted user \"testuser1\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del testuser2 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser2.out" \
+ 0 \
+ "Deleted user testuser2"
+ rlAssertGrep "Deleted user \"testuser2\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-testuser2.out"
+
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tps-group-member-del cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-find.sh
new file mode 100755
index 000000000..5303c31dc
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-find.sh
@@ -0,0 +1,797 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-cli-tps-group-member-find CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-group-cli-tps-group-member-find Find group members.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-group-cli-tps-group-member-find.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+run_pki-tps-group-cli-tps-group-member-find_tests(){
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-001: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+#Available groups tps-group-find
+ groupid1="TPS Agents"
+ groupid2="TPS Officers"
+ groupid3="TPS Operators"
+ groupid4="Administrators"
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-002: pki tps-group-member-find --help configuration test"
+ rlRun "pki tps-group-member-find --help > $TmpDir/pki_tps_group_member_find_cfg.out 2>&1" \
+ 0 \
+ "pki tps-group-member-find --help"
+ rlAssertGrep "usage: tps-group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_find_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_find_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_tps_group_member_find_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_tps_group_member_find_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-003: pki tps-group-member-find configuration test"
+ rlRun "pki tps-group-member-find > $TmpDir/pki_tps_group_member_find_2_cfg.out 2>&1" \
+ 255 \
+ "pki tps-group-member-find"
+ rlAssertGrep "Error: Incorrect number of arguments specified." "$TmpDir/pki_tps_group_member_find_2_cfg.out"
+ rlAssertGrep "usage: tps-group-member-find \[FILTER\] \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_find_2_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_find_2_cfg.out"
+ rlAssertGrep "\--size Page size" "$TmpDir/pki_tps_group_member_find_2_cfg.out"
+ rlAssertGrep "\--start Page start" "$TmpDir/pki_tps_group_member_find_2_cfg.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-004: Find tps-group-member when user is added to different groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu$i\" u$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameu$i\" u$i > $TmpDir/pki-tps-group-member-find-user-find-00$i.out" \
+ 0 \
+ "Adding user u$i"
+ rlAssertGrep "Added user \"u$i\"" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out"
+ rlAssertGrep "User ID: u$i" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out"
+ rlAssertGrep "Full name: fullNameu$i" "$TmpDir/pki-tps-group-member-find-user-find-00$i.out"
+ rlLog "Adding the user to a group"
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" u$i"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" u$i > $TmpDir/pki-tps-group-member-find-groupadd-00$i.out" \
+ 0 \
+ "Adding user u$i to group \"$gid\""
+ rlAssertGrep "Added group member \"u$i\"" "$TmpDir/pki-tps-group-member-find-groupadd-00$i.out"
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-find-groupadd-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-find-groupadd-find-00$i.out" \
+ 0 \
+ "Find group-members with group \"$gid\""
+ rlAssertGrep "User: u$i" "$TmpDir/pki-tps-group-member-find-groupadd-find-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-005: Find tps-group-member when the same user is added to many groups"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullName_userall\" userall > $TmpDir/pki-tps-group-member-find-user-find-userall-001.out" \
+ 0 \
+ "Adding user userall"
+ rlAssertGrep "Added user \"userall\"" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "User ID: userall" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out"
+ rlAssertGrep "Full name: fullName_userall" "$TmpDir/pki-tps-group-member-find-user-find-userall-001.out"
+ rlLog "Adding the user to all the groups"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval gid=\$groupid$i
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" userall"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"$gid\" userall > $TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out" \
+ 0 \
+ "Adding user userall to group \"$gid\""
+ rlAssertGrep "Added group member \"userall\"" "$TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out"
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-find-groupadd-userall-00$i.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"$gid\" > $TmpDir/pki-tps-group-member-find-groupadd-find-userall-00$i.out" \
+ 0 \
+ "Find user membership to group \"$gid\""
+ rlAssertGrep "User: userall" "$TmpDir/pki-tps-group-member-find-groupadd-find-userall-00$i.out"
+
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-006: Find tps-group-member when many users are added to one group"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"Test group\" group1 > $TmpDir/pki-tps-group-member-find-groupadd-006.out" \
+ 0 \
+ "Adding group group1"
+ rlAssertGrep "Added group \"group1\"" "$TmpDir/pki-tps-group-member-find-groupadd-006.out"
+ rlAssertGrep "Group ID: group1" "$TmpDir/pki-tps-group-member-find-groupadd-006.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-tps-group-member-find-groupadd-006.out"
+ while [ $i -lt 15 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameuser$i\" user$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameuser$i\" user$i > $TmpDir/pki-tps-group-member-find-useradd-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added user \"user$i\"" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out"
+ rlAssertGrep "User ID: user$i" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tps-group-member-find-useradd-00$i.out"
+ rlLog "Adding user user$i to group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add group1 user$i > $TmpDir/pki-tps-group-member-find-group-member-add-00$i.out" \
+ 0 \
+ "Adding user user$i"
+ rlAssertGrep "Added group member \"user$i\"" "$TmpDir/pki-tps-group-member-find-group-member-add-00$i.out"
+ rlAssertGrep "User: user$i" "$TmpDir/pki-tps-group-member-find-group-member-add-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 > $TmpDir/pki-tps-group-member-find-group1-006.out" \
+ 0 \
+ "Find users added to group \"$gid\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-group-member-find-group1-006.out"
+ rlAssertGrep "Number of entries returned $i" "$TmpDir/pki-tps-group-member-find-group1-006.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlAssertGrep "User: user$i" "$TmpDir/pki-tps-group-member-find-group1-006.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-007: Find tps-group-member of a user from the 6th position (start=5)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --start=5 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out" \
+ 0 \
+ "Checking user added to group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user6" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user7" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user8" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user9" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user10" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user11" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user12" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user13" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "User: user14" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlAssertGrep "Number of entries returned 9" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-008: Find all group members of a group (start=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --start=0 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out" \
+ 0 \
+ "Checking group members of a group "
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-002.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-009: Find group members when page start is negative (start=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=-1"
+ errmsg="--start option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "group-member-find should fail if start is less than 0"
+ rlLog " FAIL: https://fedorahosted.org/pki/ticket/1068"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/929"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-010: Find group members when page start greater than available number of groups (start=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --start=15 > $TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out" \
+ 0 \
+ "Checking group members of a group"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-member-find-groupadd-find-start-004.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-011: Should not be able to find group members when page start is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members when page start is non integer"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-012: Find group member when page size is 0 (size=0)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --size=0 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out" 0 \
+ "tps-group_member-find with size parameter as 0"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out"
+ rlAssertGrep "Number of entries returned 0" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-006.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-013: Find group members when page size is 1 (size=1)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --size=1 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out" 0 \
+ "tps-group_member-find with size parameter as 1"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out"
+ rlAssertGrep "User: user1" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out"
+ rlAssertGrep "Number of entries returned 1" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-014: Find group members when page size is 15 (size=15)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --size=15 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out" 0 \
+ "tps-group_member-find with size parameter as 15"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-009.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-015: Find group members when page size greater than available number of groups (size=100)"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --size=100 > $TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out" 0 \
+ "tps-group_member-find with size parameter as 100"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 14" "$TmpDir/pki-tps-group-member-find-groupadd-find-size-0010.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-016: Find group-member when page size is negative (size=-1)"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --size=-1"
+ errmsg="--size option should have argument greater than 0"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "tps-group-member-find should fail if size is less than 0"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/861"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-017: Should not be able to find group members when page size is non integer"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --size=a"
+ errmsg="NumberFormatException: For input string: \"a\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "String cannot be used as input to size parameter "
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-018: Find group members with -t tps option"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-member-find group1 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-member-find group1 --size=5 > $TmpDir/pki-tps-group-member-find-018.out" \
+ 0 \
+ "Find tps-group-member with -t tps option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-018.out"
+ i=1
+ while [ $i -lt 5 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-018.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-member-find-018.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-019: Find group members with page start and page size option"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --start=6 --size=5"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group1 --start=6 --size=5 > $TmpDir/pki-tps-group-member-find-019.out" \
+ 0 \
+ "Find group members with page start and page size option"
+ rlAssertGrep "14 entries matched" "$TmpDir/pki-tps-group-member-find-019.out"
+ i=7
+ while [ $i -lt 12 ] ; do
+ eval uid=user$i
+ rlAssertGrep "User: $uid" "$TmpDir/pki-tps-group-member-find-019.out"
+ let i=$i+1
+ done
+ rlAssertGrep "Number of entries returned 5" "$TmpDir/pki-tps-group-member-find-019.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-020: Find group members with --size more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --size=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if size has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-021: Find group members with --start more than maximum possible value"
+ randhex=$(openssl rand -hex 12 | perl -p -e 's/\n//')
+ randhex_covup=${randhex^^}
+ maximum_check=$(echo "ibase=16;$randhex_covup"|bc)
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=$maximum_check"
+ errmsg="NumberFormatException: For input string: \"$maximum_check\""
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "An exception should be thrown if start has a value greater than the maximum possible"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-022: Should not be able to tps-group-member-find using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a revoked cert TPS_adminR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-023: Should not be able to group-member-find using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-group-member using an agent with revoked cert TPS_agentR"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-024: Should not be able to tps-group-member-find using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group members using a valid agent TPS_agentV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-025: Should not be able to tps-group-member-find using admin user with expired cert TPS_adminE"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-group-member using a expired admin TPS_adminE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-026: Should not be able to tps-group-member-find using TPS_agentE cert"
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a expired agent TPS_agentE user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-027: Should not be able to tps-group-member-find using TPS_officerV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a valid officer TPS_officerV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-028: Should not be able to tps-group-member-find using TPS_operatorV cert"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-members using a valid operator TPS_operatorV user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-029: Should not be able to tps-group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find tps-group-member using a untrusted TPS_adminUTCA user cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-030: Should not be able to tps-group-member-find using role_user_UTCA cert"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-find group1 --start=0 --size=5"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Should not be able to find group-member using a untrusted TPS_agentUTCA user cert"
+ rlLog "PKI Ticket:: https://fedorahosted.org/pki/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-031:Find group-member for group id with i18n characters"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='u9' u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName='u9' u9" \
+ 0 \
+ "Adding uid u9"
+ rlLog "Create a group dadministʁasjɔ̃ with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add 'dadministʁasjɔ̃' --description \"Admininstartors in French\" 2>&1 > $TmpDir/pki-tps-group-member-add-groupadd-031_1.out" \
+ 0 \
+ "Adding group dadministʁasjɔ̃ with i18n characters"
+ rlAssertGrep "Added group \"dadministʁasjɔ̃\"" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Group ID: dadministʁasjɔ̃" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out"
+ rlAssertGrep "Description: Admininstartors in French" "$TmpDir/pki-tps-group-member-add-groupadd-031_1.out"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"dadministʁasjɔ̃\" u9"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add \"dadministʁasjɔ̃\" u9 > $TmpDir/pki-tps-group-member-find-groupadd-031_2.out" \
+ 0 \
+ "Adding user u9 to group \"dadministʁasjɔ̃\""
+ rlAssertGrep "Added group member \"u9\"" "$TmpDir/pki-tps-group-member-find-groupadd-031_2.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-find-groupadd-031_2.out"
+ rlLog "Check if the user is added to the group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find \"dadministʁasjɔ̃\" > $TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out" \
+ 0 \
+ "Find group-member u9 in \"dadministʁasjɔ̃\""
+ rlAssertGrep "1 entries matched" "$TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out"
+ rlAssertGrep "User: u9" "$TmpDir/pki-tps-group-member-find-groupadd-find-031_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-032: Find tps-group-member - paging"
+ i=1
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"Test group\" group2 > $TmpDir/pki-tps-group-member-find-groupadd-034.out" \
+ 0 \
+ "Adding group group2"
+ rlAssertGrep "Added group \"group2\"" "$TmpDir/pki-tps-group-member-find-groupadd-034.out"
+ rlAssertGrep "Group ID: group2" "$TmpDir/pki-tps-group-member-find-groupadd-034.out"
+ rlAssertGrep "Description: Test group" "$TmpDir/pki-tps-group-member-find-groupadd-034.out"
+ while [ $i -lt 25 ] ; do
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameuser$i\" userid$i "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"fullNameuser$i\" userid$i > $TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out" \
+ 0 \
+ "Adding user userid$i"
+ rlAssertGrep "Added user \"userid$i\"" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out"
+ rlAssertGrep "User ID: userid$i" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out"
+ rlAssertGrep "Full name: fullNameuser$i" "$TmpDir/pki-tps-group-member-find-paging-useradd-00$i.out"
+ rlLog "Adding user userid$i to group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add group2 userid$i > $TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out" \
+ 0 \
+ "Adding user userid$i"
+ rlAssertGrep "Added group member \"userid$i\"" "$TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out"
+ rlAssertGrep "User: userid$i" "$TmpDir/pki-tps-group-member-find-paging-group-member-add-00$i.out"
+ let i=$i+1
+ done
+ let i=$i-1
+ rlLog "Find group members of group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-find group2 > $TmpDir/pki-tps-group-member-find-group1-034.out" \
+ 0 \
+ "Find users added to group \"group2\""
+ rlAssertGrep "$i entries matched" "$TmpDir/pki-tps-group-member-find-group1-034.out"
+ rlAssertGrep "Number of entries returned 20" "$TmpDir/pki-tps-group-member-find-group1-034.out"
+ i=1
+ while [ $i -lt 20 ] ; do
+ rlAssertGrep "User: userid$i" "$TmpDir/pki-tps-group-member-find-group1-034.out"
+ let i=$i+1
+ done
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member-find-cleanup-001: Deleting the temp directory, users and groups"
+
+ #===Deleting users created using TPS_adminV cert===#
+ i=1
+ while [ $i -lt 5 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out" \
+ 0 \
+ "Deleted user u$i"
+ rlAssertGrep "Deleted user \"u$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u9 > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-007.out" \
+ 0 \
+ "Deleted user u9"
+ rlAssertGrep "Deleted user \"u9\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-007.out"
+ i=1
+ while [ $i -lt 15 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del user$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group1-00$i.out" \
+ 0 \
+ "Deleted user user$i"
+ rlAssertGrep "Deleted user \"user$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group1-00$i.out"
+ let i=$i+1
+ done
+ i=1
+ while [ $i -lt 25 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del userid$i > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group2-00$i.out" \
+ 0 \
+ "Deleted user userid$i"
+ rlAssertGrep "Deleted user \"userid$i\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-group2-00$i.out"
+ let i=$i+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del userall > $TmpDir/pki-user-del-tps-group-member-find-user-del-tps-userall.out" \
+ 0 \
+ "Deleted user userall"
+ rlAssertGrep "Deleted user \"userall\"" "$TmpDir/pki-user-del-tps-group-member-find-user-del-tps-userall.out"
+
+
+ #===Deleting groups created using TPS_adminV===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del 'group1' > $TmpDir/pki-user-del-tps-group1.out" \
+ 0 \
+ "Deleting group group1"
+ rlAssertGrep "Deleted group \"group1\"" "$TmpDir/pki-user-del-tps-group1.out"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del 'group2' > $TmpDir/pki-user-del-tps-group2.out" \
+ 0 \
+ "Deleting group group2"
+ rlAssertGrep "Deleted group \"group2\"" "$TmpDir/pki-user-del-tps-group2.out"
+
+
+ #===Deleting i18n group created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del 'dadministʁasjɔ̃' > $TmpDir/pki-user-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleting group dadministʁasjɔ̃"
+ rlAssertGrep "Deleted group \"dadministʁasjɔ̃\"" "$TmpDir/pki-user-del-tps-group-i18n_1.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tps-group-member-find cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-show.sh
new file mode 100755
index 000000000..0727ad6e2
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-show.sh
@@ -0,0 +1,527 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-member-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-group-cli-tps-group-member-show Show groups members
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create_role_users.sh should be first executed prior to pki-tps-group-cli-tps-group-member-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tps-group-cli-tps-group-member-show_tests(){
+ rlPhaseStartSetup "pki_tps_group_cli_tps_group_member_show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+cert_info="$TmpDir/cert_info"
+ROOTCA_agent_user=${caId}_agentV
+group1=test_group
+ group1desc="Test Group"
+ group2=test_group2
+ group2desc="Test Group 2"
+ group3=test_group3
+ group3desc="Test Group 3"
+ rlPhaseStartTest "pki_tps_group_member_show-configtest: pki tps-group-member-show configuration test"
+ rlRun "pki tps-group-member-show --help > $TmpDir/pki_tps_group_member_show_cfg.out 2>&1" \
+ 0 \
+ "pki tps-group-member-show"
+ rlAssertGrep "usage: tps-group-member-show \[OPTIONS...\]" "$TmpDir/pki_tps_group_member_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_member_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show TPS groups ####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-001: Add group to TPS using TPS_adminV, add a user to the group and show group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"User1\" u1" \
+ 0 \
+ "Add user u1 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add $group1 u1" \
+ 0 \
+ "Add user u1 to group $group1 using TPS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group1 u1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group1 u1 > $TmpDir/pki_tps_group_member_show_groupshow001.out" \
+ 0 \
+ "Show group members of $group1"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki_tps_group_member_show_groupshow001.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki_tps_group_member_show_groupshow001.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-002: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show u1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-003: Missing required option member id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1"
+ errmsg="Error: Incorrect number of arguments specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members without member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-004: A non existing member ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 user1"
+ errmsg="ResourceNotFoundException: Group member user1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-005: A non existing group ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show group1 u1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-006: Checking if member id case sensitive "
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group1 U1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group1 U1 > $TmpDir/pki-tps-group-member-show-006.out 2>&1" \
+ 0 \
+ "Member ID is not case sensitive"
+ rlAssertGrep "User \"U1\"" "$TmpDir/pki-tps-group-member-show-006.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-tps-group-member-show-006.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/1069"
+ rlPhaseEnd
+
+ rlPhaseStartTest
"pki_tps_group_cli_tps_group_member_show-007: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show TEST_GROUP u1 > $TmpDir/pki-tps-group-member-show-007.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group member \"u1\"" "$TmpDir/pki-tps-group-member-show-007.out"
+ rlAssertGrep "User: u1" "$TmpDir/pki-tps-group-member-show-007.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-008: Should not be able to show group member using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-009: Should not be able to show group member using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-010: Should not be able to show group members using a valid agent
TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-011: Should not be able to show group members using admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-012: Should not be able to show group members using TPS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET ::
https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-013: Should not be able to show group members using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a officer cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-014: Should not be able to show group members using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-015: Should not be able to show group members using a cert created from a untrusted CA TPS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group1 u1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group members using TPS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-016: Should not be able to show group members using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User1\"
subject_uid:pkiUser1 subject_email:pkiuser1@example.org \
+ organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \
+ target_host:$CA_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \
+ certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info"
+ local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+ local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2)
+ rlRun "pki -h $CA_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber"
+ rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.out > $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.pem"
+ rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\""
+ rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser1 -i $TmpDir/pki_tps_group_member_show_encoded_0029pkcs10.pem -t "u,u,u""
+ rlLog "Executing: pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group1 u1"
+ rlRun "pki -d $TEMP_NSS_DB \
+ -n pkiUser1 \
+ -c $TEMP_NSS_DB_PASSWD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group1 u1 > $TmpDir/pki-tps-group-member-show-pkiUser1-002.out 2>&1" 255 "Should not be able to show group members using a user cert"
+ rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-member-show-pkiUser1-002.out"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-017: group id with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test 'ÖrjanÄke' >
$TmpDir/pki-tps-group-member-show-001_56.out 2>&1" \
+ 0 \
+ "Adding gid ÖrjanÄke with i18n characters"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=test u3 > $TmpDir/pki-tps-group-member-show-001_57.out 2>&1" \
+ 0 \
+ "Adding user id u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add 'ÖrjanÄke' u3 > $TmpDir/pki-tps-group-member-show-001_56.out 2>&1" \
+ 0 \
+ "Adding user u3 to group ÖrjanÄke"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show 'ÖrjanÄke' u3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show 'ÖrjanÄke' u3 > $TmpDir/pki-tps-group-member-show-001_56_2.out" \
+ 0 \
+ "Show group member'ÖrjanÄke'"
+ rlAssertGrep "Group member \"u3\"" "$TmpDir/pki-tps-group-member-show-001_56_2.out"
+ rlAssertGrep "User: u3" "$TmpDir/pki-tps-group-member-show-001_56_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-018: Add group to TPS using TPS_adminV, add a user to the group, delete the group member and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$group2desc\" $group2" \
+ 0 \
+ "Add group $group2 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"User2\" u2" \
+ 0 \
+ "Add user u2 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c
$CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add $group2 u2" \
+ 0 \
+ "Add user u2 to group $group2 using TPS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group2 u2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group2 u2 > $TmpDir/pki_tps_group_member_show_groupshow019.out" \
+ 0 \
+ "Show group members of $group2"
+ rlAssertGrep "Group member \"u2\"" "$TmpDir/pki_tps_group_member_show_groupshow019.out"
+ rlAssertGrep "User: u2" "$TmpDir/pki_tps_group_member_show_groupshow019.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-del $group2 u2"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group2 u2"
+ errmsg="ResourceNotFoundException: Group member u2 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-group-member show should throw and error if the group member is deleted"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-019: Add group to TPS using TPS_adminV, add a user to the group, delete the user and show the group member"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$group3desc\" $group3" \
+ 0 \
+ "Add group $group3 using TPS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"User4\" u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-add --fullName=\"User4\" u4" \
+ 0 \
+ "Add user u3 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-add $group3 u4" \
+ 0 \
+ "Add user u4 to group $group3 using TPS_adminV"
+ rlLog "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group3 u4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-member-show $group3 u4 > $TmpDir/pki_tps_group_member_show_groupshow020.out" \
+ 0 \
+ "Show group members of $group3"
+ rlAssertGrep "Group member \"u4\"" "$TmpDir/pki_tps_group_member_show_groupshow020.out"
+ rlAssertGrep "User: u4" "$TmpDir/pki_tps_group_member_show_groupshow020.out"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u4"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show $group3 u4"
+ errmsg="ResourceNotFoundException: Group member u4 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - tps-group-member show should throw and error if the member user is deleted"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show-021: A non existing member ID and group ID"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-member-show group1 user1"
+ errmsg="GroupNotFoundException: Group group1 not found"
+ errorcode=255
+ rlRun "verifyErrorMsg
\"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group members with a non-existing member id and group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_member_show_cleanup-022: Deleting the temp directory and groups"
+
+ #===Deleting groups(symbols) created using TPS_adminV cert===#
+ j=1
+ while [ $j -lt 4 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ j=1
+ while [ $j -lt 4 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-user-del u$j > $TmpDir/pki-user-del-tps-group-symbol-00$j.out" \
+ 0 \
+ "Deleted user u$j"
+ rlAssertGrep "Deleted user \"u$j\"" "$TmpDir/pki-user-del-tps-group-symbol-00$j.out"
+ let j=$j+1
+ done
+
+ #===Deleting i18n groups created using TPS_adminV cert===#
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \
+ 0 \
+ "Deleted group ÖrjanÄke"
+ rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out"
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tps-group-show cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-mod.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-mod.sh
new file mode 100755
index 000000000..d9b9c218e
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-mod.sh
@@ -0,0 +1,548 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-mod CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-group-cli-tps-group-mod Modify existing groups in the pki tps subsystem.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+.
/opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-tps-group-cli-tps-group-mod.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tps-group-cli-tps-group-mod_tests(){
+#####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_tps_group_cli_tps_group_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval
${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+
+ #####Create temporary dir to save the output files #####
+ rlPhaseStartSetup "pki_tps_group_cli_tps_group_mod-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+group1=tps_group
+group1desc="Test tps group"
+group2=abcdefghijklmnopqrstuvwxyx12345678
+group3=abc#
+group4=abc$
+group5=abc@
+group6=abc?
+group7=0
+group1_mod_description="Test tps agent Modified"
+randsym=""
+i18ngroup=i18ngroup
+i18ngroupdescription="Örjan Äke"
+i18ngroup_mod_description="kakskümmend"
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+
+ ##### pki_tps_group_cli_tps_group_mod-configtest ####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-configtest-001: pki tps-group-mod configuration test"
+ rlRun "pki tps-group-mod --help > $TmpDir/pki_tps_group_mod_cfg.out 2>&1" \
+ 0 \
+ "Group modification configuration"
+ rlAssertGrep "usage: tps-group-mod \[OPTIONS...\]" "$TmpDir/pki_tps_group_mod_cfg.out"
+ rlAssertGrep "\--description Description" "$TmpDir/pki_tps_group_mod_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_mod_cfg.out"
+ rlPhaseEnd
+
+
+ ##### Tests to modify TPS groups ####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-002: Modify a group's description in TPS"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$group1desc\" $group1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+
tps-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tps-group-mod-002.out" \
+ 0 \
+ "Modified $group1 description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tps-group-mod-002.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-002.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-002.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+
+rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-003:--description with characters and numbers"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test g1"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description abcdefghijklmnopqrstuvwxyx12345678 g1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=abcdefghijklmnopqrstuvwxyx12345678 g1 > $TmpDir/pki-tps-group-mod-004.out" \
+ 0 \
+ "Modified group using TPS_adminV with --description with characters and numbers"
+ rlAssertGrep "Modified group \"g1\"" "$TmpDir/pki-tps-group-mod-004.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-mod-004.out"
+ rlAssertGrep "Description: abcdefghijklmnopqrstuvwxyx12345678" "$TmpDir/pki-tps-group-mod-004.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-004:--description with maximum length and symbols "
+ randsym_b64=$(openssl rand -base64 1024 | perl -p -e 's/\n//')
+ randsym=$(echo $randsym_b64 | sed 's/\///g')
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add
--description=test g2"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$randsym\" g2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$randsym\" g2 > $TmpDir/pki-tps-group-mod-005.out" \
+ 0 \
+ "Modified group using TPS_adminV with maximum --description length and character symbols in it"
+ actual_group_string=`cat $TmpDir/pki-tps-group-mod-005.out | grep "Description: " | xargs echo`
+ expected_group_string="Description: $randsym"
+ rlAssertGrep "Modified group \"g2\"" "$TmpDir/pki-tps-group-mod-005.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-mod-005.out"
+ if [[ $actual_group_string = $expected_group_string ]] ; then
+ rlPass "$expected_group_string found"
+ else
+ rlFail "$expected_group_string not found"
+ fi
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-005:--description with $ character "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test g3"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=$ g3"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=$ g3 > $TmpDir/pki-tps-group-mod-008.out" \
+ 0 \
+ "Modified group with --description $ character"
+ rlAssertGrep "Modified group \"g3\"" "$TmpDir/pki-tps-group-mod-008.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-mod-008.out"
+ rlAssertGrep "Description: \\$"
"$TmpDir/pki-tps-group-mod-008.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-006: Modify a group to TPS with -t option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test g4"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-mod --description=\"$group1desc\" g4"
+
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-mod --description=\"$group1desc\" g4 > $TmpDir/pki-tps-group-mod-007.out" \
+ 0 \
+ "Modified group g4"
+ rlAssertGrep "Modified group \"g4\"" "$TmpDir/pki-tps-group-mod-007.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-mod-007.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tps-group-mod-007.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-007: Modify a group -- missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc'"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modify group -- missing required option group id"
+ rlPhaseEnd
+
+##### Tests to modify groups using revoked cert#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-008: Should not be able to modify groups using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1_mod_description' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-009: Should not be able to modify group using an agent or a revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a user having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+##### Tests to modify groups using an agent user#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-010: Should not be able to modify groups using a TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun
"verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using a agent cert"
+ rlPhaseEnd
+
+
+##### Tests to modify groups using expired cert#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-011: Should not be able to modify group using a TPS_adminE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired admin cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-012: Should not be able to modify group using a TPS_agentE cert"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date --set='next day'" 0 "Set System date a day ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an expired agent cert"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/934"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlPhaseEnd
+
+ ##### Tests to modify groups using officer users#####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-013: Should not be able to modify group using a TPS_officerV"
+
command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 using an officer cert" + rlPhaseEnd + + ##### Tests to modify groups using operator user### + rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-014: Should not be able to modify group using a TPS_operatorV" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1" + errmsg="ForbiddenException: Authorization Error" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as TPS_operatorV" + rlPhaseEnd + +##### Tests to modify groups using TPS_adminUTCA and TPS_agentUTCA user's certificate will be issued by an untrusted TPS users##### + rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-015: Should not be able to modify groups using a cert created from a untrusted CA TPS_adminUTCA" + command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' $group1" + errmsg="PKIException: Unauthorized" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot modify group $group1 as adminUTCA" + rlPhaseEnd + +rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-016: Modify a group -- Group ID does not exist" + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description='$group1desc' g5" + errmsg="ResourceNotFoundException: Group g5 not found." 
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Modifying a non existing group"
+ rlPhaseEnd
+
+##### Tests to modify TPS groups with empty parameters ####
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-017: Modify a user created group in TPS using TPS_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$group1desc\" g5"
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description=\"\" g5"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description=\"\" g5 > $TmpDir/pki-tps-group-mod-0017.out" 0 "Group modified successfully with empty description"
+ rlAssertGrep "Modified group \"g5\"" "$TmpDir/pki-tps-group-mod-0017.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-mod-0017.out"
+ rlPhaseEnd
+
+
+##### Tests to modify TPS groups with the same value ####
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-018: Modify a group in TPS using TPS_adminV - description same old value"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group1 > $TmpDir/pki-tps-group-mod-041_1.out"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tps-group-mod-041_1.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-041_1.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-041_1.out"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$group1_mod_description\" $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$group1_mod_description\" $group1 > $TmpDir/pki-tps-group-mod-041_2.out" \
+ 0 \
+ "Modifying $group1 with same old description"
+ rlAssertGrep "Modified group \"$group1\"" "$TmpDir/pki-tps-group-mod-041_2.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-mod-041_2.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-041_2.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify TPS groups having i18n chars in the description ####
+
+rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-019: Modify a groups's description having i18n chars in TPS using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$i18ngroupdescription\" $i18ngroup"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$i18ngroup_mod_description\" $i18ngroup > $TmpDir/pki-tps-group-mod-043.out" \
+ 0 \
+ "Modified $i18ngroup description"
+ rlAssertGrep "Modified group \"$i18ngroup\"" "$TmpDir/pki-tps-group-mod-043.out"
+ rlAssertGrep "Group ID: $i18ngroup" "$TmpDir/pki-tps-group-mod-043.out"
+ rlAssertGrep "Description: $i18ngroup_mod_description" "$TmpDir/pki-tps-group-mod-043.out"
+ rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/818"
+ rlPhaseEnd
+
+##### Tests to modify system generated TPS groups ####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-021: Modify Administrator group's description in TPS using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show Administrators > $TmpDir/pki-tps-group-mod-group-show-022.out"
+ admin_group_desc=$(cat $TmpDir/pki-tps-group-mod-group-show-022.out| grep Description | cut -d- -f2)
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$group1_mod_description\" Administrators"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$group1_mod_description\" Administrators > $TmpDir/pki-tps-group-mod-022.out" \
+ 0 \
+ "Modified Administrators group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tps-group-mod-022.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-mod-022.out"
+ rlAssertGrep "Description: $group1_mod_description" "$TmpDir/pki-tps-group-mod-022.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$admin_group_desc\" Administrators"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_mod-022: Modify Administrators group in TPS using TPS_adminV - description is empty"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show Administrators > $TmpDir/pki-tps-group-mod-group-show-023.out"
+ admin_group_desc=$(cat $TmpDir/pki-tps-group-mod-group-show-023.out| grep Description | cut -d- -f2)
+ rlLog "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description=\"\" Administrators"
+ rlRun "pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-mod --description=\"\" Administrators > $TmpDir/pki-tps-group-mod-023.out" 0 "Successfully modified Administrator group description"
+ rlAssertGrep "Modified group \"Administrators\"" "$TmpDir/pki-tps-group-mod-023.out"
+ rlAssertGrep "Group ID: Administrators" "$TmpDir/pki-tps-group-mod-023.out"
+ #Restoring the original description of Administrators group
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-mod --description=\"$admin_group_desc\" Administrators"
+ rlLog "FAIL: https://fedorahosted.org/pki/ticket/833"
+ rlPhaseEnd
+
+
+#===Deleting groups===#
+rlPhaseStartTest "pki_tps_group_cli_group_cleanup: Deleting role groups"
+
+ i=1
+ while [ $i -lt 6 ] ; do
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del g$i > $TmpDir/pki-group-del-tps-group-00$i.out" \
+ 0 \
+ "Deleted group g$i"
+ rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-group-del-tps-group-00$i.out"
+ let i=$i+1
+ done
+
+ j=1
+ while [ $j -lt 2 ] ; do
+ eval grp=\$group$j
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \
+ 0 \
+ "Deleted group $grp"
+ rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out"
+ let j=$j+1
+ done
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-del $i18ngroup > $TmpDir/pki-group-del-tps-i18ngroup-001.out" \
+ 0 \
+ "Deleted group $i18ngroup"
+ rlAssertGrep "Deleted group \"$i18ngroup\"" "$TmpDir/pki-group-del-tps-i18ngroup-001.out"
+
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki group-mod-tps cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-show.sh
new file mode 100755
index 000000000..68ca689e9
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-show.sh
@@ -0,0 +1,700 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/cli-tests/pki-tps-group-cli
+# Description: PKI tps-group-show CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki cli commands needs to be tested:
+# pki-tps-group-cli-tps-group-show Show groups
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+######################################################################################
+#create-role-users.sh should be first executed prior to pki-tps-group-cli-tps-group-show.sh
+######################################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+
+########################################################################
+run_pki-tps-group-cli-tps-group-show_tests(){
+
+rlPhaseStartSetup "pki_tps_group_cli_tps_group_show-startup: Create temporary directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+subsystemId=$1
+SUBSYSTEM_TYPE=$2
+MYROLE=$3
+caId=$4
+CA_HOST=$5
+get_topo_stack $MYROLE $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ elif [ "$MYROLE" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$MYROLE
+ tps_instance_created=$(eval echo \$${prefix}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ]; then
+TPS_HOST=$(eval echo \$${MYROLE})
+TPS_PORT=$(eval echo \$${subsystemId}_UNSECURE_PORT)
+CA_PORT=$(eval echo \$${caId}_UNSECURE_PORT)
+eval ${subsystemId}_adminV_user=${subsystemId}_adminV
+eval ${subsystemId}_adminR_user=${subsystemId}_adminR
+eval ${subsystemId}_adminE_user=${subsystemId}_adminE
+eval ${subsystemId}_adminUTCA_user=${subsystemId}_adminUTCA
+eval ${subsystemId}_agentV_user=${subsystemId}_agentV
+eval ${subsystemId}_agentR_user=${subsystemId}_agentR
+eval ${subsystemId}_agentE_user=${subsystemId}_agentE
+eval ${subsystemId}_officerV_user=${subsystemId}_officerV
+eval ${subsystemId}_operatorV_user=${subsystemId}_operatorV
+ROOTCA_agent_user=${caId}_agentV
+local TEMP_NSS_DB="$TmpDir/nssdb"
+local TEMP_NSS_DB_PASSWD="redhat123"
+local cert_info="$TmpDir/cert_info"
+ #local variables
+ group1=test_group
+ group1desc="Test Group"
+ group2=abcdefghijklmnopqrstuvwxyx12345678
+ group3=abc#
+ group4=abc$
+ group5=abc@
+ group6=abc?
+ group7=0
+
+ rlPhaseStartTest "pki_tps_group_show-configtest: pki tps-group-show configuration test"
+ rlRun "pki tps-group-show --help > $TmpDir/pki_tps_group_show_cfg.out 2>&1" \
+ 0 \
+ "pki tps-group-show"
+ rlAssertGrep "usage: tps-group-show \[OPTIONS...\]" "$TmpDir/pki_tps_group_show_cfg.out"
+ rlAssertGrep "\--help Show help options" "$TmpDir/pki_tps_group_show_cfg.out"
+ rlPhaseEnd
+
+ ##### Tests to show TPS groups ####
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-001: Add group to TPS using TPS_adminV and show group"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=\"$group1desc\" $group1" \
+ 0 \
+ "Add group $group1 using TPS_adminV"
+ rlLog "Executing: pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group1"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group1 > $TmpDir/pki-tps-group-show-001.out" \
+ 0 \
+ "Show group $group1"
+ rlAssertGrep "Group \"$group1\"" "$TmpDir/pki-tps-group-show-001.out"
+ rlAssertGrep "Group ID: $group1" "$TmpDir/pki-tps-group-show-001.out"
+ rlAssertGrep "Description: $group1desc" "$TmpDir/pki-tps-group-show-001.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-002: maximum length of group id"
+ group2=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test $group2" \
+ 0 \
+ "Add group $group2"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group2 > $TmpDir/pki-tps-group-show-001_1.out" \
+ 0 \
+ "Show $group2 group"
+ rlAssertGrep "Group \"$group2\"" "$TmpDir/pki-tps-group-show-001_1.out"
+ actual_groupid_string=`cat $TmpDir/pki-tps-group-show-001_1.out | grep 'Group ID:' | xargs echo`
+ expected_groupid_string="Group ID: $group2"
+ if [[ $actual_groupid_string = $expected_groupid_string ]] ; then
+ rlPass "Group ID: $group2 found"
+ else
+ rlFail "Group ID: $group2 not found"
+ fi
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_1.out"
+
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-003: Group id with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test $group3" \
+ 0 \
+ "Add group $group3 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group3 > $TmpDir/pki-tps-group-show-001_2.out" \
+ 0 \
+ "Show $group3 group"
+ rlAssertGrep "Group \"$group3\"" "$TmpDir/pki-tps-group-show-001_2.out"
+ rlAssertGrep "Group ID: $group3" "$TmpDir/pki-tps-group-show-001_2.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_2.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-004: Group id with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test $group4" \
+ 0 \
+ "Add group $group4 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group4 > $TmpDir/pki-tps-group-show-001_3.out" \
+ 0 \
+ "Show $group4 group"
+ rlAssertGrep "Group \"$group4\"" "$TmpDir/pki-tps-group-show-001_3.out"
+ rlAssertGrep "Group ID: abc\\$" "$TmpDir/pki-tps-group-show-001_3.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_3.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-005: Group id with @ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test $group5" \
+ 0 \
+ "Add $group5 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group5 > $TmpDir/pki-tps-group-show-001_4.out" \
+ 0 \
+ "Show $group5 group"
+ rlAssertGrep "Group \"$group5\"" "$TmpDir/pki-tps-group-show-001_4.out"
+ rlAssertGrep "Group ID: $group5" "$TmpDir/pki-tps-group-show-001_4.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_4.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-006: Group id with ? character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test $group6" \
+ 0 \
+ "Add $group6 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group6 > $TmpDir/pki-tps-group-show-001_5.out" \
+ 0 \
+ "Show $group6 group"
+ rlAssertGrep "Group \"$group6\"" "$TmpDir/pki-tps-group-show-001_5.out"
+ rlAssertGrep "Group ID: $group6" "$TmpDir/pki-tps-group-show-001_5.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_5.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-007: Group id as 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=test $group7" \
+ 0 \
+ "Add group $group7 using TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show $group7 > $TmpDir/pki-tps-group-show-001_6.out" \
+ 0 \
+ "Show group $group7"
+ rlAssertGrep "Group \"$group7\"" "$TmpDir/pki-tps-group-show-001_6.out"
+ rlAssertGrep "Group ID: $group7" "$TmpDir/pki-tps-group-show-001_6.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_6.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-008: --description with maximum length"
+ desc=$(openssl rand -hex 2048 | perl -p -e 's/\n//')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description='$desc' g1" \
+ 0 \
+ "Added group using TPS_adminV with maximum --description length"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show g1 > $TmpDir/pki-tps-group-show-001_7.out" \
+ 0 \
+ "Show group g1"
+ rlAssertGrep "Group \"g1\"" "$TmpDir/pki-tps-group-show-001_7.out"
+ rlAssertGrep "Group ID: g1" "$TmpDir/pki-tps-group-show-001_7.out"
+ actual_desc_string=`cat $TmpDir/pki-tps-group-show-001_7.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-009: --description with maximum length and symbols"
+ desc_b64=$(openssl rand -base64 2048 | perl -p -e 's/\n//')
+ desc=$(echo $desc_b64 | sed 's/\///g')
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description='$desc' g2" \
+ 0 \
+ "Added group with maximum --description length and character symbols in it"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show g2 > $TmpDir/pki-tps-group-show-001_8.out" \
+ 0 \
+ "Show group g2"
+ rlAssertGrep "Group \"g2\"" "$TmpDir/pki-tps-group-show-001_8.out"
+ rlAssertGrep "Group ID: g2" "$TmpDir/pki-tps-group-show-001_8.out"
+ actual_desc_string=`cat $TmpDir/pki-tps-group-show-001_8.out | grep Description: | xargs echo`
+ expected_desc_string="Description: $desc"
+ if [[ $actual_desc_string = $expected_desc_string ]] ; then
+ rlPass "Description: $desc found"
+ else
+ rlFail "Description: $desc not found"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-010: --description with # character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=# g3" \
+ 0 \
+ "Add group g3 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show g3 > $TmpDir/pki-tps-group-show-001_9.out" \
+ 0 \
+ "Add group g3"
+ rlAssertGrep "Group \"g3\"" "$TmpDir/pki-tps-group-show-001_9.out"
+ rlAssertGrep "Group ID: g3" "$TmpDir/pki-tps-group-show-001_9.out"
+ rlAssertGrep "Description: #" "$TmpDir/pki-tps-group-show-001_9.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-011: --description with * character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=* g4" \
+ 0 \
+ "Add group g4"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show g4 > $TmpDir/pki-tps-group-show-001_10.out" \
+ 0 \
+ "Show group g4 using TPS_adminV"
+ rlAssertGrep "Group \"g4\"" "$TmpDir/pki-tps-group-show-001_10.out"
+ rlAssertGrep "Group ID: g4" "$TmpDir/pki-tps-group-show-001_10.out"
+ rlAssertGrep "Description: *" "$TmpDir/pki-tps-group-show-001_10.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-012: --description with $ character"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=$ g5" \
+ 0 \
+ "Add group g5 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show g5 > $TmpDir/pki-tps-group-show-001_11.out" \
+ 0 \
+ "Show group g5 using TPS_adminV"
+ rlAssertGrep "Group \"g5\"" "$TmpDir/pki-tps-group-show-001_11.out"
+ rlAssertGrep "Group ID: g5" "$TmpDir/pki-tps-group-show-001_11.out"
+ rlAssertGrep "Description: \\$" "$TmpDir/pki-tps-group-show-001_11.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-013: --description as number 0"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-add --description=0 g6" \
+ 0 \
+ "Add group g6 using pki TPS_adminV"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show g6 > $TmpDir/pki-tps-group-show-001_12.out" \
+ 0 \
+ "Show group g6 using TPS_adminV"
+ rlAssertGrep "Group \"g6\"" "$TmpDir/pki-tps-group-show-001_12.out"
+ rlAssertGrep "Group ID: g6" "$TmpDir/pki-tps-group-show-001_12.out"
+ rlAssertGrep "Description: 0" "$TmpDir/pki-tps-group-show-001_12.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-014: Show group with -t tps option"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-add --description=test g7" \
+ 0 \
+ "Adding group g7"
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ -t tps \
+ tps-group-show g7 > $TmpDir/pki-tps-group-show-001_32.out" \
+ 0 \
+ "Show group g7 using TPS_adminV"
+ rlAssertGrep "Group \"g7\"" "$TmpDir/pki-tps-group-show-001_32.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-show-001_32.out"
+ rlAssertGrep "Description: $test" "$TmpDir/pki-tps-group-show-001_32.out"
+ rlPhaseEnd
+
+
+ #Negative Cases
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-015: Missing required option group id"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show"
+ errmsg="Error: No Group ID specified."
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Cannot show group without group id"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-016: Checking if group id case sensitive "
+ rlRun "pki -d $CERTDB_DIR \
+ -n $(eval echo \$${subsystemId}_adminV_user) \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $TPS_HOST \
+ -p $TPS_PORT \
+ tps-group-show G7 > $TmpDir/pki-tps-group-show-001_35.out 2>&1" \
+ 0 \
+ "Group ID is not case sensitive"
+ rlAssertGrep "Group \"G7\"" "$TmpDir/pki-tps-group-show-001_35.out"
+ rlAssertGrep "Group ID: g7" "$TmpDir/pki-tps-group-show-001_35.out"
+ rlAssertGrep "Description: test" "$TmpDir/pki-tps-group-show-001_35.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-017: Should not be able to show group using a revoked cert TPS_adminR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a admin having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-018: Should not be able to show group using an agent with revoked cert TPS_agentR"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentR_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent having revoked cert"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1134"
+ rlLog "PKI Ticket: https://fedorahosted.org/pki/ticket/1182"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-019: Should not be able to show group using a valid agent TPS_agentV user"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-020: Should not be able to show group using admin user with expired cert TPS_adminE"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using an expired admin cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-021: Should not be able to show group using TPS_agentE cert"
+ #Set datetime 2 days ahead
+ rlRun "date --set='+2 days'" 0 "Set System date 2 days ahead"
+ rlRun "date"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_agentE_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a agent cert"
+ rlRun "date --set='2 days ago'" 0 "Set System back to the present day"
+ rlLog "PKI TICKET :: https://engineering.redhat.com/trac/pki-tests/ticket/962"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-022: Should not be able to show group using a TPS_officerV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_officerV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a officer cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-023: Should not be able to show group using a TPS_operatorV"
+ command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_operatorV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="ForbiddenException: Authorization Error"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using a operator cert"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-024: Should not be able to show group using a cert created from a untrusted CA TPS_adminUTCA"
+ command="pki -d $UNTRUSTED_CERT_DB_LOCATION -n role_user_UTCA -c $UNTRUSTED_CERT_DB_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show g7"
+ errmsg="PKIException: Unauthorized"
+ errorcode=255
+ rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Should not be able to show group g7 using TPS_adminUTCA"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_group_cli_tps_group_show-025: Should not be able to show group using a user cert"
+ #Create a user cert
+ rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB tmp_nss_db_pwd:$TEMP_NSS_DB_PASSWD request_type:pkcs10 \
+ algo:rsa key_size:2048 subject_cn:\"pki User2\" subject_uid:pkiUser2 subject_email:pkiuser2@example.org \
organizationalunit:Engineering organization:Example.Inc country:US archive:false req_profile:caUserCert \ + target_host:$TPS_HOST protocol: port:$CA_PORT cert_db_dir:$CERTDB_DIR cert_db_pwd:$CERTDB_DIR_PASSWORD \ + certdb_nick:\"$ROOTCA_agent_user\" cert_info:$cert_info" + local valid_pkcs10_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2) + local valid_decimal_pkcs10_serialNumber=$(cat $cert_info| grep decimal_valid_serialNumber | cut -d- -f2) + rlRun "pki -h $TPS_HOST -p $CA_PORT cert-show $valid_pkcs10_serialNumber --encoded > $TmpDir/pki_tps_group_show_encoded_0025pkcs10.out" 0 "Executing pki cert-show $valid_pkcs10_serialNumber" + rlRun "sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' $TmpDir/pki_tps_group_show_encoded_0025pkcs10.out > $TmpDir/pki_tps_group_show_encoded_0025pkcs10.pem" + rlRun "certutil -d $TEMP_NSS_DB -A -n \"casigningcert\" -i $CERTDB_DIR/ca_cert.pem -t \"CT,CT,CT\"" + rlRun "certutil -d $TEMP_NSS_DB -A -n pkiUser2 -i $TmpDir/pki_tps_group_show_encoded_0025pkcs10.pem -t "u,u,u"" + rlLog "Executing: pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g7" + rlRun "pki -d $TEMP_NSS_DB \ + -n pkiUser2 \ + -c $TEMP_NSS_DB_PASSWD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show g7 > $TmpDir/pki-tps-group-show-pkiUser1-0025.out 2>&1" 255 "Should not be able to find groups using a user cert" + + rlAssertGrep "PKIException: Unauthorized" "$TmpDir/pki-tps-group-show-pkiUser1-0025.out" + rlLog "FAIL: https://fedorahosted.org/pki/ticket/962" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_show-026: group id length exceeds maximum limit defined in the schema" + group_length_exceed_max=$(openssl rand -hex 10000 | perl -p -e 's/\n//') + command="pki -d $CERTDB_DIR -n $(eval echo \$${subsystemId}_adminV_user) -c $CERTDB_DIR_PASSWORD -h $TPS_HOST -p $TPS_PORT tps-group-show '$group_length_exceed_max'" + errmsg="ClientResponseFailure: 
ldap can't save, exceeds max length" + errorcode=255 + rlRun "verifyErrorMsg \"$command\" \"$errmsg\" \"$errorcode\"" 0 "Verify expected error message - Show group using TPS_adminV with group id length exceed maximum defined in ldap schema should fail" + rlLog "PKI TICKET: https://fedorahosted.org/pki/ticket/842" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_show-027: group id with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÖrjanÄke' > $TmpDir/pki-tps-group-show-001_56.out 2>&1" \ + 0 \ + "Adding gid ÖrjanÄke with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show 'ÖrjanÄke'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show 'ÖrjanÄke' > $TmpDir/pki-tps-group-show-001_56_2.out" \ + 0 \ + "Show group 'ÖrjanÄke'" + rlAssertGrep "Group \"ÖrjanÄke\"" "$TmpDir/pki-tps-group-show-001_56_2.out" + rlAssertGrep "Group ID: ÖrjanÄke" "$TmpDir/pki-tps-group-show-001_56_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_show-028: groupid with i18n characters" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-add --description=test 'ÉricTêko' > $TmpDir/pki-tps-group-show-001_57.out 2>&1" \ + 0 \ + "Adding group id ÉricTêko with i18n characters" + rlLog "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show 'ÉricTêko'" + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-show 
'ÉricTêko' > $TmpDir/pki-tps-group-show-001_57_2.out" \ + 0 \ + "Show group 'ÉricTêko'" + rlAssertGrep "Group \"ÉricTêko\"" "$TmpDir/pki-tps-group-show-001_57_2.out" + rlAssertGrep "Group ID: ÉricTêko" "$TmpDir/pki-tps-group-show-001_57_2.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_group_cli_tps_group_cleanup: Deleting the temp directory and groups" + + #===Deleting groups created using TPS_adminV cert===# + i=1 + while [ $i -lt 8 ] ; do + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del g$i > $TmpDir/pki-tps-group-del-group-00$i.out" \ + 0 \ + "Deleted group g$i" + rlAssertGrep "Deleted group \"g$i\"" "$TmpDir/pki-tps-group-del-group-00$i.out" + let i=$i+1 + done + #===Deleting groups(symbols) created using TPS_adminV cert===# + j=1 + while [ $j -lt 8 ] ; do + eval grp=\$group$j + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del $grp > $TmpDir/pki-group-del-tps-group-symbol-00$j.out" \ + 0 \ + "Deleted group $grp" + rlAssertGrep "Deleted group \"$grp\"" "$TmpDir/pki-group-del-tps-group-symbol-00$j.out" + let j=$j+1 + done + + #===Deleting i18n groups created using TPS_adminV cert===# + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÖrjanÄke' > $TmpDir/pki-group-del-tps-group-i18n_1.out" \ + 0 \ + "Deleted group ÖrjanÄke" + rlAssertGrep "Deleted group \"ÖrjanÄke\"" "$TmpDir/pki-group-del-tps-group-i18n_1.out" + + rlRun "pki -d $CERTDB_DIR \ + -n $(eval echo \$${subsystemId}_adminV_user) \ + -c $CERTDB_DIR_PASSWORD \ + -h $TPS_HOST \ + -p $TPS_PORT \ + tps-group-del 'ÉricTêko' > $TmpDir/pki-group-del-tps-group-i18n_2.out" \ + 0 \ + "Deleted group ÉricTêko" + rlAssertGrep "Deleted group \"ÉricTêko\"" "$TmpDir/pki-group-del-tps-group-i18n_2.out" + + 
#Delete temporary directory + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tps-group-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh index b98a17c78..fe1daec26 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install-lib.sh @@ -189,12 +189,13 @@ rhcs_install_RootCA() { #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/ROOTCA_instance_status.txt 2>&1" - exp_result1="$ROOTCA_TOMCAT_INSTANCE_NAME is running" - exp_result2="Secure Admin URL = https://$(hostname):$ROOTCA_SECURE_PORT/ca/services" - if [ $(grep $exp_result1 /tmp/ROOTCA_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/ROOTCA_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog " ROOTCA instance created successfully" - sed -i s/^ROOTCA_INSTANCE_CREATED_STATUS=False/ROOTCA_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$ROOTCA_TOMCAT_INSTANCE_NAME\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$ROOTCA_SECURE_PORT/ca/services" + if [ $(grep $exp_result1 /tmp/ROOTCA_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/ROOTCA_instance_status.txt | wc -l) -gt 0 ]; then + rlLog " ROOTCA instance created successfully" + sed -i s/^ROOTCA_INSTANCE_CREATED_STATUS=False/ROOTCA_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export ROOTCA_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
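Review bot: The rewritten status check in rhcs_install_RootCA still passes `$exp_result1` and `$exp_result2` to `grep` unquoted inside `[ $(grep … | wc -l) -gt 0 ]`, so the new `\s` escapes only work around word splitting and depend on a GNU grep extension. Quoting the pattern keeps the expected text readable and lets grep's exit status drive the test: `if grep -q -- "$exp_result1" /tmp/ROOTCA_instance_status.txt && grep -q -- "$exp_result2" /tmp/ROOTCA_instance_status.txt; then`. The status file is also written to a fixed name under `/tmp`; a directory from `mktemp -d` would avoid another local user pre-creating that path. The same construct is repeated in the status hunks for KRA, OCSP, TKS, TPS, SubCA and the clone functions. The enclosing function starts outside the hunk.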
@@ -215,6 +216,15 @@ rhcs_install_kra() { rhcs_install_prep_disableFirewall local SUBSYSTEM_NAME=$(echo KRA${number}) local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-) + local INSTANCE_NAME=$(eval echo \$KRA${number}_TOMCAT_INSTANCE_NAME) + $(check_instance $INSTANCE_NAME) + local retval=$? + rlLog "retval=$retval" + if [[ "${retval}" -eq 0 ]]; then + IMPORT_ADMIN_CERT_NONCA=True + else + IMPORT_ADMIN_CERT_NONCA=False + fi #Install and configure RHDS instance rlLog "Creating LDAP server Instance to configure KRA" @@ -336,12 +346,13 @@ rhcs_install_kra() { #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/KRA${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$KRA${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$KRA${number}_SECURE_PORT)/kra/services" - if [ $(grep $exp_result1 /tmp/KRA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/KRA${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "KRA${number} instance creation successful" - sed -i s/^KRA${number}_INSTANCE_CREATED_STATUS=False/KRA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$KRA${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$KRA${number}_SECURE_PORT)/kra/services" + if [ $(grep $exp_result1 /tmp/KRA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/KRA${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "KRA${number} instance creation successful" + sed -i s/^KRA${number}_INSTANCE_CREATED_STATUS=False/KRA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export KRA${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
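Review bot: In the first rhcs_install_kra hunk, `$(check_instance $INSTANCE_NAME)` on a line of its own runs `check_instance` in a command substitution and then executes whatever it printed as a command, so `retval` is the function's status only when it prints nothing. Calling it directly is clearer and safer: `check_instance "$INSTANCE_NAME"` followed by `local retval=$?`. `check_instance` is defined outside this hunk, so its output cannot be checked here. `IMPORT_ADMIN_CERT_NONCA` is assigned without `local`; if that is deliberate, a one-line comment naming the later step that reads it would help. The same block is added in the rhcs_install_ocsp, rhcs_install_tks and rhcs_install_tps hunks.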
@@ -360,6 +371,15 @@ rhcs_install_ocsp() { local master_hostname=$2 local CA=$3 local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-) + local INSTANCE_NAME=$(eval echo \$OCSP${number}_TOMCAT_INSTANCE_NAME) + $(check_instance $INSTANCE_NAME) + local retval=$? + rlLog "retval=$retval" + if [[ "${retval}" -eq 0 ]]; then + IMPORT_ADMIN_CERT_NONCA=True + else + IMPORT_ADMIN_CERT_NONCA=False + fi local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT) local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER) #Install and configure RHDS instance @@ -477,12 +497,13 @@ rhcs_install_ocsp() { #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/OCSP${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$OCSP${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$OCSP${number}_SECURE_PORT)/ocsp/services" - if [ $(grep $exp_result1 /tmp/OCSP${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/OCSP${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "OCSP${number} instance creation successful" - sed -i s/^OCSP${number}_INSTANCE_CREATED_STATUS=False/OCSP${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$OCSP${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$OCSP${number}_SECURE_PORT)/ocsp/services" + if [ $(grep $exp_result1 /tmp/OCSP${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/OCSP${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "OCSP${number} instance creation successful" + sed -i s/^OCSP${number}_INSTANCE_CREATED_STATUS=False/OCSP${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export OCSP${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } ########################################################### 
@@ -495,6 +516,15 @@ rhcs_install_tks() { local master_hostname=$2 local CA=$3 local DOMAIN=$(eval echo $master_hostname | cut -d. -f2-) + local INSTANCE_NAME=$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME) + $(check_instance $INSTANCE_NAME) + local retval=$? + rlLog "retval=$retval" + if [[ "${retval}" -eq 0 ]]; then + IMPORT_ADMIN_CERT_NONCA=True + else + IMPORT_ADMIN_CERT_NONCA=False + fi local PKI_SECURITY_DOMAIN_USER=$(eval echo \$${CA}_ADMIN_USER) local PKI_SECURITY_DOMAIN_PORT=$(eval echo \$${CA}_SECURE_PORT) local INSTANCECFG="/tmp/tks_instance.inf" @@ -609,12 +639,13 @@ rhcs_install_tks() { #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/TKS${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/ocsp/services" - if [ $(grep $exp_result1 /tmp/TKS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/TKS${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "TKS${number} instance creation successful" - sed -i s/^TKS${number}_INSTANCE_CREATED_STATUS=False/TKS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/ocsp/services" + if [ $(grep $exp_result1 /tmp/TKS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/TKS${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "TKS${number} instance creation successful" + sed -i s/^TKS${number}_INSTANCE_CREATED_STATUS=False/TKS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export TKS${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
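Review bot: The TKS status check in the second hunk keeps `/ocsp/services` in `exp_result2`, which looks like a copy-paste from rhcs_install_ocsp. If `pkidaemon status` reports the TKS admin URL under a `/tks/` path (not shown on this page, so this needs confirming), the grep never matches and `TKS${number}_INSTANCE_CREATED_STATUS` stays `False`. That matters more after this commit because rhcs-install.sh now gates the TPS install on that flag. Proposed line: `exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tks/services"`.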
@@ -635,6 +666,15 @@ rhcs_install_tps() { local INSTANCECFG="/tmp/tps_instance.inf" local INSTANCE_CREATE_OUT="/tmp/tps_instance_create.out" local SUBSYSTEM_NAME=$(echo TPS${number}) + local INSTANCE_NAME=$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME) + $(check_instance $INSTANCE_NAME) + local retval=$? + rlLog "retval=$retval" + if [[ "${retval}" -eq 0 ]]; then + IMPORT_ADMIN_CERT_NONCA=True + else + IMPORT_ADMIN_CERT_NONCA=False + fi rhcs_install_prep_disableFirewall #Install and configure RHDS instance rlLog "Creating LDAP server Instance to configure TPS" @@ -742,7 +782,7 @@ rhcs_install_tps() { rlAssertGrep "$exp_message4_2" "$INSTANCE_CREATE_OUT" exp_message5="The URL for the subsystem is:" rlAssertGrep "$exp_message5" "$INSTANCE_CREATE_OUT" - exp_message5_1="https://$(hostname):$(eval echo \$TKS${number}_SECURE_PORT)/tps" + exp_message5_1="https://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/tps" rlAssertGrep "$exp_message5_1" "$INSTANCE_CREATE_OUT" # echo "export TKS_SERVER_ROOT=/var/lib/pki/$(eval echo \$TKS${number}_TOMCAT_INSTANCE_NAME)/tks" >> /opt/rhqa_pki/env.sh mkdir -p $CLIENT_PKCS12_DIR 
@@ -751,12 +791,13 @@ rhcs_install_tps() { #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/TPS${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/services" - if [ $(grep $exp_result1 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "TPS${number} instance creation successful" - sed -i s/^TPS${number}_INSTANCE_CREATED_STATUS=False/TPS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$TPS${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$TPS${number}_SECURE_PORT)/services" + if [ $(grep $exp_result1 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/TPS${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "TPS${number} instance creation successful" + sed -i s/^TPS${number}_INSTANCE_CREATED_STATUS=False/TPS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export TPS${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
@@ -876,12 +917,13 @@ rhcs_install_cloneCA() #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/CLONE_CA${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$CLONE_CA${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)/services" - if [ $(grep $exp_result1 /tmp/CLONE_CA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_CA${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "CLONE_CA${number} instance creation successful" - sed -i s/^CLONE_CA${number}_INSTANCE_CREATED_STATUS=False/CLONE_CA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$CLONE_CA${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$CLONE_CA${number}_SECURE_PORT)/services" + if [ $(grep $exp_result1 /tmp/CLONE_CA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_CA${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "CLONE_CA${number} instance creation successful" + sed -i s/^CLONE_CA${number}_INSTANCE_CREATED_STATUS=False/CLONE_CA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export CLONE_CA${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
@@ -1028,12 +1070,13 @@ rhcs_install_SubCA(){ #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/SUBCA${number}_instance_status.txt 2>&1" - exp_result1="$SUBCA${number}_TOMCAT_INSTANCE_NAME is running" - exp_result2="Secure Admin URL = https://$(hostname):$SUBCA${number}_SECURE_PORT/ca/services" - if [ $(grep $exp_result1 /tmp/SUBCA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/SUBCA${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "SUBCA${number} instance created successfully" - sed -i s/^SUBCA${number}_INSTANCE_CREATED_STATUS=False/SUBCA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$SUBCA${number}_TOMCAT_INSTANCE_NAME\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$SUBCA${number}_SECURE_PORT/ca/services" + if [ $(grep $exp_result1 /tmp/SUBCA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/SUBCA${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "SUBCA${number} instance created successfully" + sed -i s/^SUBCA${number}_INSTANCE_CREATED_STATUS=False/SUBCA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export SUBCA${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
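Review bot: `exp_result1` and `exp_result2` in rhcs_install_SubCA use `$SUBCA${number}_TOMCAT_INSTANCE_NAME` and `$SUBCA${number}_SECURE_PORT`, which expand the variable `SUBCA` and then append the number and the literal suffix instead of reading the per-instance variable. The pattern becomes the value of `SUBCA` (probably empty) followed by text such as `1_TOMCAT_INSTANCE_NAME`, so it cannot match the status output and the new `export SUBCA${number}_INSTANCE_CREATED_STATUS=TRUE` is never reached. The sibling functions use an indirect lookup and the same is needed here: `exp_result1="$(eval echo \$SUBCA${number}_TOMCAT_INSTANCE_NAME)\sis\srunning"`, with the matching change for `_SECURE_PORT` in `exp_result2`.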
@@ -1142,12 +1185,13 @@ rhcs_install_cloneKRA(){ #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/CLONE_KRA${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$CLONE_KRA${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$CLONE_KRA${number}_SECURE_PORT)/services" - if [ $(grep $exp_result1 /tmp/CLONE_KRA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_KRA${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "CLONE_KRA${number} instance creation successful" - sed -i s/^CLONE_KRA${number}_INSTANCE_CREATED_STATUS=False/CLONE_KRA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$CLONE_KRA${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$CLONE_KRA${number}_SECURE_PORT)/services" + if [ $(grep $exp_result1 /tmp/CLONE_KRA${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_KRA${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "CLONE_KRA${number} instance creation successful" + sed -i s/^CLONE_KRA${number}_INSTANCE_CREATED_STATUS=False/CLONE_KRA${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export CLONE_KRA${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
@@ -1259,12 +1303,13 @@ rhcs_install_cloneOCSP(){ #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/CLONE_OCSP${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)/services" - if [ $(grep $exp_result1 /tmp/CLONE_OCSP${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_OCSP${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "CLONE_OCSP${number} instance creation successful" - sed -i s/^CLONE_OCSP${number}_INSTANCE_CREATED_STATUS=False/CLONE_OCSP${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$CLONE_OCSP${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$CLONE_OCSP${number}_SECURE_PORT)/services" + if [ $(grep $exp_result1 /tmp/CLONE_OCSP${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_OCSP${number}_instance_status.txt | wc -l) -gt 0 ] ; then + rlLog "CLONE_OCSP${number} instance creation successful" + sed -i s/^CLONE_OCSP${number}_INSTANCE_CREATED_STATUS=False/CLONE_OCSP${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export CLONE_OCSP${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
@@ -1372,12 +1417,13 @@ rhcs_install_cloneTKS(){ #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/CLONE_TKS${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$CLONE_TKS${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)/services" - if [ $(grep $exp_result1 /tmp/CLONE_TKS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_TKS${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "CLONE_TKS${number} instance creation successful" - sed -i s/^CLONE_TKS${number}_INSTANCE_CREATED_STATUS=False/CLONE_TKS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$CLONE_TKS${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$CLONE_TKS${number}_SECURE_PORT)/services" + if [ $(grep $exp_result1 /tmp/CLONE_TKS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_TKS${number}_instance_status.txt | wc -l) -gt 0 ]; then + rlLog "CLONE_TKS${number} instance creation successful" + sed -i s/^CLONE_TKS${number}_INSTANCE_CREATED_STATUS=False/CLONE_TKS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export CLONE_TKS${number}_INSTANCE_CREATED_STATUS=TRUE" + fi rlPhaseEnd } 
@@ -1492,12 +1538,14 @@ rhcs_install_cloneTPS(){ #Update Instance creation status to env.sh rlLog "Executing: pkidaemon status tomcat" rlRun "pkidaemon status tomcat > /tmp/CLONE_TPS${number}_instance_status.txt 2>&1" - exp_result1="$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME) is running" - exp_result2="Secure Admin URL = https://$(hostname):$(eval echo \$CLONE_TPS${number}_SECURE_PORT)/services" - if [ $(grep $exp_result1 /tmp/CLONE_TPS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_TPS${number}_instance_status.txt | wc -l) -gt 0 ] ; then - rlLog "CLONE_TPS${number} instance creation successful" - sed -i s/^CLONE_TPS${number}_INSTANCE_CREATED_STATUS=False/CLONE_TPS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh - fi + exp_result1="$(eval echo \$CLONE_TPS${number}_TOMCAT_INSTANCE_NAME)\sis\srunning" + exp_result2="Secure\sAdmin\sURL\s\s\s\s=\shttps://$(hostname):$(eval echo \$CLONE_TPS${number}_SECURE_PORT)/services" + if [ $(grep $exp_result1 /tmp/CLONE_TPS${number}_instance_status.txt | wc -l) -gt 0 ] && [ $(grep $exp_result2 /tmp/CLONE_TPS${number}_instance_status.txt | wc -l) -gt 0 ]; then + rlLog "CLONE_TPS${number} instance creation successful" + sed -i s/^CLONE_TPS${number}_INSTANCE_CREATED_STATUS=False/CLONE_TPS${number}_INSTANCE_CREATED_STATUS=TRUE/g /opt/rhqa_pki/env.sh + rlRun "export CLONE_TPS${number}_INSTANCE_CREATED_STATUS=TRUE" + + fi rlPhaseEnd } ########################################################### diff --git a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh index b6685e936..7ed8a5277 100755 --- a/tests/dogtag/acceptance/quickinstall/rhcs-install.sh +++ b/tests/dogtag/acceptance/quickinstall/rhcs-install.sh 
@@ -45,9 +45,7 @@ . ./acceptance/quickinstall/rhds-install.sh . ./acceptance/quickinstall/rhcs-install-lib.sh ##global variables## -ROOTCA_INSTALLED=TRUE -SUBCA1_INSTALLED=TRUE -SUBCA2_INSTALLED=TRUE +ALT_XMLSTARLET_PATH="https://dl.fedoraproject.org/pub/epel/7/x86_64/x/xmlstarlet-1.6.1-1.el7.x86_64.rpm" #################### run_rhcs_install_packages() { @@ -55,18 +53,18 @@ run_rhcs_install_packages() { # Initialize Global TESTCOUNT variable #TESTCOUNT=1 - COMMON_SERVER_PACKAGES="bind expect pki-console xmlstarlet dos2unix" - #RHELRHCS_PACKAGES="symkey mod-nss pki-native-tools redhat-pki-ca-ui redhat-pki-common-ui redhat-pki-console-ui redhat-pki-kra-ui redhat-pki-ocsp-ui redhat-pki-ra-ui redhat-pki-tks-ui redhat-pki-tps-ui" - DOGTAG_PACKAGES="pki-tools pki-symkey dogtag-pki dogtag-pki-console-theme dogtag-pki-server-theme" + COMMON_SERVER_PACKAGES="bind expect pki-console xmlstarlet dos2unix bc" NTPDATE_PACKAGE="ntpdate" DEPENDENT_PACKAGES="idm-console-framework pki-base pki-ca pki-console pki-kra pki-ocsp pki-server pki-symkey pki-tks pki-tools pki-tps tomcat resteasy-base-jackson-provider resteasy-base-jaxb-provider resteasy-base-jaxrs resteasy-base-jaxrs-api" - rlRun "setenforce 0" + #rlRun "setenforce 0" cat /etc/redhat-release | grep "Fedora" if [ $? -eq 0 ] ; then FLAVOR="Fedora" + OS_SPECIFIC_PACKAGES="pki-tools pki-symkey dogtag-pki dogtag-pki-console-theme dogtag-pki-server-theme 389-ds-base" rlLog "Automation is running against Fedora" - else + else FLAVOR="RHEL" + OS_SPECIFIC_PACKAGES="pki-tools pki-symkey redhat-pki redhat-pki-console-theme redhat-pki-server-theme redhat-ds" rlLog "Automation is running against RHEL" fi 
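Review bot: In the run_rhcs_install_packages hunk, `#rlRun "setenforce 0"` is left behind as commented-out code with no explanation, so a later reader cannot tell whether SELinux is now meant to stay in its configured mode or the line was disabled temporarily. If the intent is to stop disabling SELinux for the test run, delete the line or replace it with a comment that says so, for example `# SELinux mode is left unchanged for the install`. The function continues outside this hunk.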
@@ -81,13 +79,20 @@ run_rhcs_install_packages() { rlLog "CA instance will be installed on $HOSTNAME" rlLog "yum -y install $COMMON_SERVER_PACKAGES" yum -y install $COMMON_SERVER_PACKAGES - yum -y install $DOGTAG_PACKAGES + rlLog "yum -y install $OS_SPECIFIC_PACKAGES" + yum -y install $OS_SPECIFIC_PACKAGES rpm -qa | grep xmlstarlet if [ $? -eq 0 ]; then rlLog "xmlstarlet installed" else wget $XMLSTARLET_PATH - rpm -ivh xmlstarlet* + RETVAL=$? + if (( $RETVAL == 0)); then + rpm -ivh xmlstarlet* + else + wget $ALT_XMLSTARLET_PATH + rpm -ivh xmlstarlet* + fi fi rlLog "yum -y install $NTPDATE_PACKAGE" yum -y install $NTPDATE_PACKAGE @@ -128,7 +133,7 @@ run_rhcs_install_packages() { run_install_subsystem_RootCA() { rlPhaseStartSetup "rhcs_install_subsystem_RootCA: Default install" - ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES $DEPENDENT_PACKAGES $NTPDATE_PACKAGE" + ALL_PACKAGES="$COMMON_SERVER_PACKAGES $OS_SPECIFIC_PACKAGES $DEPENDENT_PACKAGES $NTPDATE_PACKAGE" for item in $ALL_PACKAGES ; do rpm -qa | grep $item if [ $? -eq 0 ] ; then @@ -136,15 +141,11 @@ run_install_subsystem_RootCA() else rlLog "ERROR: $item package is NOT installed" rc=1 - ROOTCA_INSTALLED=FALSE rlDie "$item is not installed" fi done if [ $rc -eq 0 ] ; then rhcs_install_RootCA - if [ $? -ne 0 ]; then - ROOTCA_INSTALLED=FALSE - fi fi rlPhaseEnd } @@ -158,18 +159,14 @@ run_install_subsystem_kra() { number=$1 master_hostname=$2 CA=$3 - KRA="KRA${number}" - eval ${KRA}_INSTALLED=TRUE rpm -qa | grep pki-kra if [ $? -eq 0 ] ; then rlLog "pki-kra package is installed" else rlLog "ERROR: $item package is NOT installed" rc=1 - eval ${KRA}_INSTALLED=FALSE fi - - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTANCE_CREATED_STATUS) = "TRUE" ]; then rhcs_install_kra $number $master_hostname $CA fi rlPhaseEnd 
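Review bot: The new fallback in run_rhcs_install_packages downloads an RPM with `wget $ALT_XMLSTARLET_PATH` and installs it with `rpm -ivh xmlstarlet*` without checking that the second download succeeded or that the package verifies. The glob also installs any file in the working directory whose name starts with `xmlstarlet`. Downloading into a private directory, stopping on a failed download and running `rpm -K` before the install closes those gaps. `rpm -K` does not by itself require a signature, so installing through yum from a repository with GPG checking enabled is the stronger option. The primary `wget $XMLSTARLET_PATH` branch has the same weakness.

```shell
# … unchanged: rpm -qa | grep xmlstarlet check …
else
	# Private download directory so the glob cannot pick up stray files.
	dl_dir=$(mktemp -d) || rlDie "mktemp failed"
	wget -P "$dl_dir" "$XMLSTARLET_PATH" \
		|| wget -P "$dl_dir" "$ALT_XMLSTARLET_PATH" \
		|| rlDie "could not download xmlstarlet"
	# Refuse to install a package whose digests or signature do not verify.
	rpm -K "$dl_dir"/xmlstarlet*.rpm || rlDie "xmlstarlet package failed verification"
	rpm -ivh "$dl_dir"/xmlstarlet*.rpm
fi
```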
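Review bot: In the run_install_subsystem_kra hunk, `[ $(eval echo \$${CA}_INSTANCE_CREATED_STATUS) = "TRUE" ]` leaves the substitution unquoted, so an unset or empty status makes `[` fail with a syntax error instead of a clean false, and `eval` re-parses whatever `$CA` contains. Bash indirect expansion avoids both: `ca_status="${CA}_INSTANCE_CREATED_STATUS"` followed by `[ "${!ca_status}" = "TRUE" ]`. With the `${KRA}_INSTALLED` bookkeeping removed, nothing is logged when the CA check fails and the install is skipped; an `else` branch with an `rlLog` line would make that visible. The same test appears in the run_install_subsystem_ocsp, run_install_subsystem_tks and run_install_subsystem_tps hunks.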
@@ -190,10 +187,9 @@ run_install_subsystem_ocsp() { else rlLog "ERROR: $item package is NOT installed" rc=1 - OCSP3_INSTALLED=FALSE fi - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTANCE_CREATED_STATUS) = "TRUE" ]; then rhcs_install_ocsp $number $master_hostname $CA fi rlPhaseEnd @@ -204,9 +200,9 @@ run_install_subsystem_ocsp() { #rlLog "RA instance will be installed on $HOSTNAME" #rc=0 #yum -y install $COMMON_SERVER_PACKAGES - #yum -y install $DOGTAG_PACKAGES + #yum -y install $OS_SPECIFIC_PACKAGES #if [ "$FLAVOR" == "Fedora" ] ; then - #ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES" + #ALL_PACKAGES="$COMMON_SERVER_PACKAGES $OS_SPECIFIC_PACKAGES" #for item in $ALL_PACKAGES ; do #rpm -qa | grep $item #if [ $? -eq 0 ] ; then @@ -232,18 +228,15 @@ run_install_subsystem_tks() { number=$1 master_hostname=$2 CA=$3 - TKS="TKS${number}" - eval ${TKS}_INSTALLED=TRUE + KRA=$4 rpm -qa | grep pki-tks if [ $? -eq 0 ] ; then rlLog "pki-tks package is installed" else rlLog "ERROR: $item package is NOT installed" rc=1 - eval ${TKS}_INSTALLED=FALSE fi - - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ]; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTANCE_CREATED_STATUS) = "TRUE" ] && [ $(eval echo \$${KRA}_INSTANCE_CREATED_STATUS) = "TRUE" ]; then rlLog "Installing TKS" rhcs_install_tks $number $master_hostname $CA fi @@ -267,7 +260,7 @@ run_install_subsystem_tps() { rlLog "ERROR: $item package is NOT installed" rc=1 fi - if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${KRA}_INSTALLED) = "TRUE" ] && [ $(eval echo \$${TKS}_INSTALLED) = "TRUE" ] ; then + if [ $rc -eq 0 ] && [ $(eval echo \$${CA}_INSTANCE_CREATED_STATUS) = "TRUE" ] && [ $(eval echo \$${KRA}_INSTANCE_CREATED_STATUS) = "TRUE" ] && [ $(eval echo \$${TKS}_INSTANCE_CREATED_STATUS) = "TRUE" ]; then rlLog "Installing TPS" rhcs_install_tps $number $master_hostname $CA $KRA $TKS fi 
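Review bot: The run_install_subsystem_tks hunk adds `KRA=$4` and requires `${KRA}_INSTANCE_CREATED_STATUS` to be `TRUE`, but the callers of this function are not visible here and `rhcs_install_tks` is still invoked with three arguments. If an existing caller passes only three arguments, `$KRA` is empty, the test reads `$_INSTANCE_CREATED_STATUS`, and the TKS install is skipped without any log line. A guard at the top makes that failure explicit: `[ -n "$KRA" ] || rlDie "run_install_subsystem_tks: KRA argument missing"`. A short comment stating why TKS now depends on a KRA instance would also help.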
@@ -288,9 +281,9 @@ run_install_subsystem_subca(){ rlLog "Sub CA instance will be installed on $HOSTNAME" rc=0 yum -y install $COMMON_SERVER_PACKAGES - yum -y install $DOGTAG_PACKAGES + yum -y install $OS_SPECIFIC_PACKAGES - ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES" + ALL_PACKAGES="$COMMON_SERVER_PACKAGES $OS_SPECIFIC_PACKAGES" for item in $ALL_PACKAGES ; do rpm -qa | grep $item if [ $? -eq 0 ] ; then @@ -298,16 +291,12 @@ run_install_subsystem_subca(){ else rlLog "ERROR: $item package is NOT installed" rc=1 - eval SUBCA${number}_INSTALLED=FALSE break fi done if [ $rc -eq 0 ] ; then rlLog "Installing Sub CA" rhcs_install_SubCA $number $master_hostname $CA - if [ $? -ne 0 ]; then - eval SUBCA${number}_INSTALLED=FALSE - fi fi rlPhaseEnd } @@ -327,8 +316,8 @@ run_install_subsystem_cloneCA() { rlLog "Clone CA instance will be installed on $HOSTNAME" rc=0 yum -y install $COMMON_SERVER_PACKAGES - yum -y install $DOGTAG_PACKAGES - ALL_PACKAGES="$COMMON_SERVER_PACKAGES $DOGTAG_PACKAGES" + yum -y install $ + ALL_PACKAGES="$COMMON_SERVER_PACKAGES $OS_SPECIFIC_PACKAGES" for item in $ALL_PACKAGES ; do rpm -qa | grep $item if [ $? -eq 0 ] ; then diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh index f55849f00..36f9cef08 100755 --- a/tests/dogtag/runtest.sh +++ b/tests/dogtag/runtest.sh 
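Review bot: In the run_install_subsystem_cloneCA hunk the replacement line reads `yum -y install $`, so the variable name is missing and yum is asked for a package literally named `$`. The run_install_subsystem_subca hunk shows the intended line: `yum -y install $OS_SPECIFIC_PACKAGES`. Because the result of the yum call is not checked, the mistake only surfaces later in the `rpm -qa | grep $item` loop.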
@@ -87,15 +87,15 @@
 . ./acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-request-review-ca.sh
 . ./acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-request-find-ca.sh
 . ./acceptance/cli-tests/pki-ca-cert-cli/pki-ca-cert-cli-find-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-ca.sh
-. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-add-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-show-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-find-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-mod-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-del-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-add-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-find-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-del-ca.sh
+. ./acceptance/cli-tests/pki-group-cli/ca/pki-group-cli-group-member-show-ca.sh
 . ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-add.sh
 . ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-show.sh
 . ./acceptance/cli-tests/pki-ca-user-cli/pki-ca-user-cli-ca-user-find.sh
@@ -118,6 +118,68 @@
 . ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-show.sh
 . ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-find.sh
 . ./acceptance/cli-tests/pki-ca-group-cli/pki-ca-group-cli-ca-group-member-del.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-show-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-find-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-mod-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-del-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-add-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-find-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-del-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-member-show-kra.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-add-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-show-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-find-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-mod-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-del-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-add-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-find-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-del-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/ocsp/pki-group-cli-group-member-show-ocsp.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-add-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-show-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-find-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-mod-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-del-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-add-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-find-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-del-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tks/pki-group-cli-group-member-show-tks.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-add-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-show-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-find-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-mod-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-del-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-add-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-find-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-del-tps.sh
+. ./acceptance/cli-tests/pki-group-cli/tps/pki-group-cli-group-member-show-tps.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-add.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-mod.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-find.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-show.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-del.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-add.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-show.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-find.sh
+. ./acceptance/cli-tests/pki-ocsp-group-cli/pki-ocsp-group-cli-ocsp-group-member-del.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-add.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-mod.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-find.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-show.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-del.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-add.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-show.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-find.sh
+. ./acceptance/cli-tests/pki-tks-group-cli/pki-tks-group-cli-tks-group-member-del.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-add.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-mod.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-find.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-show.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-del.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-add.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-show.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-find.sh
+. ./acceptance/cli-tests/pki-tps-group-cli/pki-tps-group-cli-tps-group-member-del.sh
 . ./acceptance/cli-tests/pki-key-cli/pki-key-cli-kra.sh
 . ./acceptance/cli-tests/pki-key-cli/pki-key-cli-generate-kra.sh
 . ./acceptance/cli-tests/pki-key-cli/pki-key-cli-find-kra.sh
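Review bot: The relocated KRA list at the top of this hunk has eight entries and starts at `group-show-kra.sh`; there is no source line for a `group-add-kra` file, although the `@@ -159,15 +221,6 @@` hunk removes the old `pki-group-cli-group-add-kra.sh` line and the ocsp, tks and tps lists added here each source their `group-add` file. If the runner still calls `run_pki-group-cli-group-add-kra_tests` (not visible in this hunk), that call would fail as an undefined command and the KRA group-add coverage would be lost without an obvious error. I would add `. ./acceptance/cli-tests/pki-group-cli/kra/pki-group-cli-group-add-kra.sh` ahead of the `group-show-kra.sh` line, assuming that file moved under `kra/` like the others.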
@@ -159,15 +221,6 @@ . ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-show.sh . ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-find.sh . ./acceptance/cli-tests/pki-kra-group-cli/pki-kra-group-cli-kra-group-member-del.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-add-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-show-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-find-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-mod-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-del-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-add-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-find-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-del-kra.sh -. ./acceptance/cli-tests/pki-group-cli/pki-group-cli-group-member-show-kra.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli-show.sh . ./acceptance/cli-tests/pki-ca-profile-cli/pki-ca-profile-cli-enable.sh @@ -225,6 +278,7 @@ . ./acceptance/legacy/tks-tests/logs/tks-ad-logs.sh . ./acceptance/legacy/tks-tests/internaldb/tks-ad-internaldb.sh . ./acceptance/legacy/ipa-tests/ipa_backend_plugin.sh +. ./acceptance/legacy/tps-tests/tps-enrollments.sh . ./acceptance/legacy/clone_drm_tests/clone_drm_agent_tests.sh . ./acceptance/legacy/clone_ca_tests/clone_tests.sh . ./acceptance/install-tests/ca-installer.sh @@ -265,7 +319,6 @@ . ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh - # Make sure TESTORDER is initialized or multihost may have issues TESTORDER=1 dir1="/opt/rhqa_pki/CodeCoveragePKIhtml" 
@@ -351,7 +404,155 @@ rlJournalStart run_rhcs_install_set_vars run_rhcs_install_topo_9 fi - ######## CREATE ROLE USERS ############# + PKI_CA_QUICKINSTALL_UPPERCASE=$(echo $PKI_CA_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_CA_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_SUBCA_QUICKINSTALL_UPPERCASE=$(echo $PKI_SUBCA_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_SUBCA_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + SUBCA_number=1 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" + fi + PKI_KRA_QUICKINSTALL_UPPERCASE=$(echo $PKI_KRA_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_KRA_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + MASTER_KRA=KRA3 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_OCSP_QUICKINSTALL_UPPERCASE=$(echo $PKI_OCSP_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_OCSP_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + MASTER_OCSP=OCSP3 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + 
run_install_subsystem_ocsp $number $BEAKERMASTER $CA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_TKS_QUICKINSTALL_UPPERCASE=$(echo $PKI_TKS_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_TKS_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + TKS_number=1 + MASTER_KRA=KRA3 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA $MASTER_KRA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_TPS_QUICKINSTALL_UPPERCASE=$(echo $PKI_TPS_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_TPS_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + TKS_number=1 + TPS_number=1 + MASTER_TKS=TKS1 + MASTER_KRA=KRA3 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA $MASTER_KRA + run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_CLONECA_QUICKINSTALL_UPPERCASE=$(echo $PKI_CLONECA_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_CLONECA_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + CLONE_number=1 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_CLONEKRA_QUICKINSTALL_UPPERCASE=$(echo 
$PKI_CLONEKRA_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_CLONEKRA_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + CLONE_number=1 + MASTER_KRA=KRA3 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_CLONETKS_QUICKINSTALL_UPPERCASE=$(echo $PKI_CLONETKS_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_CLONETKS_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + TKS_number=1 + CLONE_number=1 + MASTER_KRA=KRA3 + MASTER_TKS=TKS1 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_cloneTKS $CLONE_number $BEAKERMASTER $CA + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + PKI_CLONETPS_QUICKINSTALL_UPPERCASE=$(echo $PKI_CLONETPS_QUICKINSTALL | tr [a-z] [A-Z]) + if [ "$PKI_CLONETPS_QUICKINSTALL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL" = "TRUE" ]; then + BEAKERMASTER=$MASTER + CA=ROOTCA + number=3 + TKS_number=1 + TPS_number=1 + CLONE_number=1 + MASTER_TKS=TKS1 + run_rhcs_set_time + run_rhcs_install_set_vars + run_rhcs_install_packages + run_install_subsystem_RootCA + run_install_subsystem_kra $number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS + run_install_subsystem_cloneTPS $CLONE_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS + run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" 
"$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + fi + ######## CREATE ROLE USERS ############# PKI_CREATE_CA_ROLE_USER_UPPERCASE=$(echo $PKI_CREATE_CA_ROLE_USER | tr [a-z] [A-Z]) if [ "$PKI_CREATE_CA_ROLE_USER_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Create CA role users @@ -675,17 +876,18 @@ rlJournalStart if [ "$CERT_TEST_UPPERCASE" = "TRUE" ] ; then #Execute pki cert tests subsystemType=ca - run_pki-cert-ca_tests - run_pki-cert-revoke-ca_tests $subsystemType $MYROLE - run_pki-cert-show-ca_tests $subsystemType $MYROLE run_pki-cert-request-show-ca_tests $subsystemType $MYROLE - run_pki-cert-release-hold-ca_tests $subsystemType $MYROLE - run_pki-cert-hold-ca_tests $subsystemType $MYROLE + run_pki-cert-show-ca_tests $subsystemType $MYROLE run_pki-cert-request-submit_tests $subsystemType $MYROLE run_pki-cert-request-profile-find-ca_tests $subsystemType $MYROLE run_pki-cert-request-profile-show-ca_tests $subsystemType $MYROLE run_pki-cert-request-review-ca_tests $subsystemType $MYROLE run_pki-cert-request-find-ca_tests $subsystemType $MYROLE + run_pki-cert-revoke-ca_tests $subsystemType $MYROLE + run_pki-cert-release-hold-ca_tests $subsystemType $MYROLE + run_pki-cert-hold-ca_tests $subsystemType $MYROLE + run_pki-cert-find-ca_tests $subsystemType $MYROLE + run_pki-cert-ca_tests fi CERT_CONFIG_CA_UPPERCASE=$(echo $CERT_CONFIG_CA | tr [a-z] [A-Z]) if [ "$CERT_CONFIG_CA_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then 
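Review bot: The PKI_CLONETPS_QUICKINSTALL block in the `@@ -351,7 +404,155 @@` hunk passes `$MASTER_KRA` to `run_install_subsystem_tps` and `run_install_subsystem_cloneTPS` but never assigns it, unlike the TPS block, which sets `MASTER_KRA=KRA3`. Because the arguments are unquoted, an empty `MASTER_KRA` drops out of the argument list and `$MASTER_TKS` shifts into its position, unless an earlier block or the environment happened to set it. Adding `MASTER_KRA=KRA3` to that block and quoting the arguments (`"$MASTER_KRA" "$MASTER_TKS"`) would make it independent of what ran before; the CLONETKS and CLONETPS blocks also call `run_install_subsystem_tks` without the `$MASTER_KRA` argument that the TKS and TPS blocks pass. Separately, every new block tests `"$TEST_ALL" = "TRUE"` while the following role-user code tests `"$TEST_ALL_UPPERCASE"`, so a lowercase `TEST_ALL` value would presumably skip these installs while the later tests still run.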
@@ -763,18 +965,19 @@ rlJournalStart if [ "$PKI_CA_CERT_TEST_UPPERCASE" = "TRUE" ] ; then #Execute pki cert tests subsystemType=ca - run_pki-ca-cert-ca_tests - run_pki-ca-cert-revoke-ca_tests $subsystemType $MYROLE - run_pki-ca-cert-show-ca_tests $subsystemType $MYROLE run_pki-ca-cert-request-show-ca_tests $subsystemType $MYROLE - run_pki-ca-cert-release-hold-ca_tests $subsystemType $MYROLE - run_pki-ca-cert-hold-ca_tests $subsystemType $MYROLE + run_pki-ca-cert-show-ca_tests $subsystemType $MYROLE run_pki-ca-cert-request-submit_tests $subsystemType $MYROLE run_pki-ca-cert-request-profile-find-ca_tests $subsystemType $MYROLE run_pki-ca-cert-request-profile-show-ca_tests $subsystemType $MYROLE run_pki-ca-cert-request-review-ca_tests $subsystemType $MYROLE run_pki-ca-cert-request-find-ca_tests $subsystemType $MYROLE + run_pki-ca-cert-revoke-ca_tests $subsystemType $MYROLE + run_pki-ca-cert-release-hold-ca_tests $subsystemType $MYROLE + run_pki-ca-cert-hold-ca_tests $subsystemType $MYROLE run_pki-ca-cert-find-ca_tests $subsystemType $MYROLE + run_pki-ca-cert-ca_tests + fi CA_CERT_CONFIG_UPPERCASE=$(echo $CA_CERT_CONFIG | tr [a-z] [A-Z]) if [ "$CA_CERT_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then 
@@ -1452,6 +1655,540 @@ rlJournalStart subsystemType=kra caId=$CA_INST run_pki-kra-group-cli-kra-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + ######## PKI GROUP OCSP TESTS ############ + PKI_GROUP_OCSP_TEST_UPPERCASE=$(echo $PKI_GROUP_OCSP_TEST | tr [a-z] [A-Z]) + if [ "$PKI_GROUP_OCSP_TEST_UPPERCASE" = "TRUE" ] ; then + #Execute pki group tests for ocsp + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-group-cli-group-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-mod-ocsp_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-group-cli-group-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_ADD_OCSP_UPPERCASE=$(echo $GROUP_ADD_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_ADD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-add-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId + fi + GROUP_SHOW_OCSP_UPPERCASE=$(echo $GROUP_SHOW_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_SHOW_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-show-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi 
+ GROUP_FIND_OCSP_UPPERCASE=$(echo $GROUP_FIND_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_FIND_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-find-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MOD_OCSP_UPPERCASE=$(echo $GROUP_MOD_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_MOD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-mod-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-mod-ocsp_tests $subsystemId $subsystemType $MYROLE $caId + fi + GROUP_DEL_OCSP_UPPERCASE=$(echo $GROUP_DEL_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_DEL_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-del-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_ADD_OCSP_UPPERCASE=$(echo $GROUP_MEMBER_ADD_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_ADD_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-add-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-member-add-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_FIND_OCSP_UPPERCASE=$(echo $GROUP_MEMBER_FIND_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_FIND_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-find-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-member-find-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_DEL_OCSP_UPPERCASE=$(echo $GROUP_MEMBER_DEL_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_DEL_OCSP_UPPERCASE" = "TRUE" ] || [ 
"$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-del-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-member-del-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_SHOW_OCSP_UPPERCASE=$(echo $GROUP_MEMBER_SHOW_OCSP | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_SHOW_OCSP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-show-ocsp tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-group-cli-group-member-show-ocsp_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + ######## PKI OCSP GROUP TESTS ############ + PKI_OCSP_GROUP_TEST_UPPERCASE=$(echo $PKI_OCSP_GROUP_TEST | tr [a-z] [A-Z]) + if [ "$PKI_OCSP_GROUP_TEST_UPPERCASE" = "TRUE" ] ; then + #Execute pki ocsp-group tests + subsystemId=$OCSP_INST + caId=$CA_INST + subsystemType=ocsp + run_pki-ocsp-group-cli-ocsp-group-add_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-ocsp-group-cli-ocsp-group-mod_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-ocsp-group-cli-ocsp-group-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-group-cli-ocsp-group-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-group-cli-ocsp-group-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-group-cli-ocsp-group-member-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-group-cli-ocsp-group-member-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-group-cli-ocsp-group-member-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-ocsp-group-cli-ocsp-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_GROUP_ADD_UPPERCASE=$(echo $OCSP_GROUP_ADD | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-add tests 
+ subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-add_tests $subsystemId $subsystemType $MYROLE $caId + fi + OCSP_GROUP_MOD_UPPERCASE=$(echo $OCSP_GROUP_MOD | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-mod tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-mod_tests $subsystemId $subsystemType $MYROLE $caId + fi + OCSP_GROUP_FIND_UPPERCASE=$(echo $OCSP_GROUP_FIND | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-find tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-find_tests $subsystemId $subsystemType $MYROLE $caId + fi + OCSP_GROUP_SHOW_UPPERCASE=$(echo $OCSP_GROUP_SHOW | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-show tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-show_tests $subsystemId $subsystemType $MYROLE $caId + fi + OCSP_GROUP_DEL_UPPERCASE=$(echo $OCSP_GROUP_DEL | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-del tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-del_tests $subsystemId $subsystemType $MYROLE $caId + fi + OCSP_GROUP_MEMBER_ADD_UPPERCASE=$(echo $OCSP_GROUP_MEMBER_ADD | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_MEMBER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-member-add tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-member-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + 
OCSP_GROUP_MEMBER_SHOW_UPPERCASE=$(echo $OCSP_GROUP_MEMBER_SHOW | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_MEMBER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-member-show tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-member-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_GROUP_MEMBER_FIND_UPPERCASE=$(echo $OCSP_GROUP_MEMBER_FIND | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_MEMBER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-member-find tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-member-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + OCSP_GROUP_MEMBER_DEL_UPPERCASE=$(echo $OCSP_GROUP_MEMBER_DEL | tr [a-z] [A-Z]) + if [ "$OCSP_GROUP_MEMBER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki ocsp-group-member-del tests + subsystemId=$OCSP_INST + subsystemType=ocsp + caId=$CA_INST + run_pki-ocsp-group-cli-ocsp-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + ######## PKI TKS GROUP TESTS ############ + PKI_TKS_GROUP_TEST_UPPERCASE=$(echo $PKI_TKS_GROUP_TEST | tr [a-z] [A-Z]) + if [ "$PKI_TKS_GROUP_TEST_UPPERCASE" = "TRUE" ] ; then + #Execute pki tks-group tests + subsystemId=$TKS_INST + caId=$CA_INST + subsystemType=tks + run_pki-tks-group-cli-tks-group-add_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-tks-group-cli-tks-group-mod_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-tks-group-cli-tks-group-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-group-cli-tks-group-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-group-cli-tks-group-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-group-cli-tks-group-member-add_tests $subsystemId $subsystemType 
$MYROLE $caId $MASTER + run_pki-tks-group-cli-tks-group-member-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-group-cli-tks-group-member-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tks-group-cli-tks-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_GROUP_ADD_UPPERCASE=$(echo $TKS_GROUP_ADD | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-add tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-add_tests $subsystemId $subsystemType $MYROLE $caId + fi + TKS_GROUP_MOD_UPPERCASE=$(echo $TKS_GROUP_MOD | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-mod tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-mod_tests $subsystemId $subsystemType $MYROLE $caId + fi + TKS_GROUP_FIND_UPPERCASE=$(echo $TKS_GROUP_FIND | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-find tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-find_tests $subsystemId $subsystemType $MYROLE $caId + fi + TKS_GROUP_SHOW_UPPERCASE=$(echo $TKS_GROUP_SHOW | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-show tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-show_tests $subsystemId $subsystemType $MYROLE $caId + fi + TKS_GROUP_DEL_UPPERCASE=$(echo $TKS_GROUP_DEL | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-del tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + 
run_pki-tks-group-cli-tks-group-del_tests $subsystemId $subsystemType $MYROLE $caId + fi + TKS_GROUP_MEMBER_ADD_UPPERCASE=$(echo $TKS_GROUP_MEMBER_ADD | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_MEMBER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-member-add tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-member-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_GROUP_MEMBER_SHOW_UPPERCASE=$(echo $TKS_GROUP_MEMBER_SHOW | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_MEMBER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-member-show tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-member-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_GROUP_MEMBER_FIND_UPPERCASE=$(echo $TKS_GROUP_MEMBER_FIND | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_MEMBER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-member-find tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-member-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TKS_GROUP_MEMBER_DEL_UPPERCASE=$(echo $TKS_GROUP_MEMBER_DEL | tr [a-z] [A-Z]) + if [ "$TKS_GROUP_MEMBER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tks-group-member-del tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-tks-group-cli-tks-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + ######## PKI GROUP TKS TESTS ############ + PKI_GROUP_TKS_TEST_UPPERCASE=$(echo $PKI_GROUP_TKS_TEST | tr [a-z] [A-Z]) + if [ "$PKI_GROUP_TKS_TEST_UPPERCASE" = "TRUE" ] ; then + #Execute pki group tests for tks + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-add-tks_tests $subsystemId $subsystemType $MYROLE $caId + 
run_pki-group-cli-group-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-mod-tks_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-group-cli-group-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_ADD_TKS_UPPERCASE=$(echo $GROUP_ADD_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_ADD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-add-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-add-tks_tests $subsystemId $subsystemType $MYROLE $caId + fi + GROUP_SHOW_TKS_UPPERCASE=$(echo $GROUP_SHOW_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_SHOW_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-show-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-show-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_FIND_TKS_UPPERCASE=$(echo $GROUP_FIND_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_FIND_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-find-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MOD_TKS_UPPERCASE=$(echo $GROUP_MOD_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_MOD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-mod-tks tests + 
subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-mod-tks_tests $subsystemId $subsystemType $MYROLE $caId + fi + GROUP_DEL_TKS_UPPERCASE=$(echo $GROUP_DEL_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_DEL_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-del-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_ADD_TKS_UPPERCASE=$(echo $GROUP_MEMBER_ADD_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_ADD_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-add-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-member-add-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_FIND_TKS_UPPERCASE=$(echo $GROUP_MEMBER_FIND_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_FIND_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-find-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-member-find-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_DEL_TKS_UPPERCASE=$(echo $GROUP_MEMBER_DEL_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_DEL_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-del-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-member-del-tks_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_SHOW_TKS_UPPERCASE=$(echo $GROUP_MEMBER_SHOW_TKS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_SHOW_TKS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-show-tks tests + subsystemId=$TKS_INST + subsystemType=tks + caId=$CA_INST + run_pki-group-cli-group-member-show-tks_tests $subsystemId 
$subsystemType $MYROLE $caId $MASTER + fi + ######## PKI TPS GROUP TESTS ############ + PKI_TPS_GROUP_TEST_UPPERCASE=$(echo $PKI_TPS_GROUP_TEST | tr [a-z] [A-Z]) + if [ "$PKI_TPS_GROUP_TEST_UPPERCASE" = "TRUE" ] ; then + #Execute pki tps-group tests + subsystemId=$TPS_INST + caId=$CA_INST + subsystemType=tps + run_pki-tps-group-cli-tps-group-add_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-tps-group-cli-tps-group-mod_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-tps-group-cli-tps-group-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-group-cli-tps-group-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-group-cli-tps-group-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-group-cli-tps-group-member-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-group-cli-tps-group-member-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-group-cli-tps-group-member-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-tps-group-cli-tps-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_GROUP_ADD_UPPERCASE=$(echo $TPS_GROUP_ADD | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-add tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-add_tests $subsystemId $subsystemType $MYROLE $caId + fi + TPS_GROUP_MOD_UPPERCASE=$(echo $TPS_GROUP_MOD | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_MOD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-mod tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-mod_tests $subsystemId $subsystemType $MYROLE $caId + fi + TPS_GROUP_FIND_UPPERCASE=$(echo $TPS_GROUP_FIND | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_FIND_UPPERCASE" = "TRUE" ] || [ 
"$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-find tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-find_tests $subsystemId $subsystemType $MYROLE $caId + fi + TPS_GROUP_SHOW_UPPERCASE=$(echo $TPS_GROUP_SHOW | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-show tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-show_tests $subsystemId $subsystemType $MYROLE $caId + fi + TPS_GROUP_DEL_UPPERCASE=$(echo $TPS_GROUP_DEL | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-del tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-del_tests $subsystemId $subsystemType $MYROLE $caId + fi + TPS_GROUP_MEMBER_ADD_UPPERCASE=$(echo $TPS_GROUP_MEMBER_ADD | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_MEMBER_ADD_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-member-add tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-member-add_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_GROUP_MEMBER_SHOW_UPPERCASE=$(echo $TPS_GROUP_MEMBER_SHOW | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_MEMBER_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-member-show tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-member-show_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_GROUP_MEMBER_FIND_UPPERCASE=$(echo $TPS_GROUP_MEMBER_FIND | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_MEMBER_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-member-find tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + 
run_pki-tps-group-cli-tps-group-member-find_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + TPS_GROUP_MEMBER_DEL_UPPERCASE=$(echo $TPS_GROUP_MEMBER_DEL | tr [a-z] [A-Z]) + if [ "$TPS_GROUP_MEMBER_DEL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki tps-group-member-del tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-tps-group-cli-tps-group-member-del_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + ######## PKI GROUP TPS TESTS ############ + PKI_GROUP_TPS_TEST_UPPERCASE=$(echo $PKI_GROUP_TPS_TEST | tr [a-z] [A-Z]) + if [ "$PKI_GROUP_TPS_TEST_UPPERCASE" = "TRUE" ] ; then + #Execute pki group tests for tps + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-add-tps_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-group-cli-group-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-mod-tps_tests $subsystemId $subsystemType $MYROLE $caId + run_pki-group-cli-group-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + run_pki-group-cli-group-member-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_ADD_TPS_UPPERCASE=$(echo $GROUP_ADD_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_ADD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-add-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-add-tps_tests $subsystemId $subsystemType $MYROLE $caId + fi + GROUP_SHOW_TPS_UPPERCASE=$(echo $GROUP_SHOW_TPS | tr [a-z] 
[A-Z]) + if [ "$GROUP_SHOW_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-show-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_FIND_TPS_UPPERCASE=$(echo $GROUP_FIND_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_FIND_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-find-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MOD_TPS_UPPERCASE=$(echo $GROUP_MOD_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_MOD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-mod-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-mod-tps_tests $subsystemId $subsystemType $MYROLE $caId + fi + GROUP_DEL_TPS_UPPERCASE=$(echo $GROUP_DEL_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_DEL_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-del-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_ADD_TPS_UPPERCASE=$(echo $GROUP_MEMBER_ADD_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_ADD_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-add-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-member-add-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_FIND_TPS_UPPERCASE=$(echo $GROUP_MEMBER_FIND_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_FIND_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-find-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + 
run_pki-group-cli-group-member-find-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_DEL_TPS_UPPERCASE=$(echo $GROUP_MEMBER_DEL_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_DEL_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-del-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-member-del-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER + fi + GROUP_MEMBER_SHOW_TPS_UPPERCASE=$(echo $GROUP_MEMBER_SHOW_TPS | tr [a-z] [A-Z]) + if [ "$GROUP_MEMBER_SHOW_TPS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + # Execute pki group-member-show-tps tests + subsystemId=$TPS_INST + subsystemType=tps + caId=$CA_INST + run_pki-group-cli-group-member-show-tps_tests $subsystemId $subsystemType $MYROLE $caId $MASTER fi ##CA Profile Tests CA_PROFILE_CONFIG_UPPERCASE=$(echo $CA_PROFILE_CONFIG | tr [a-z] [A-Z]) 
@@ -1524,8 +2261,105 @@ rlJournalStart rlLog "Subsystem ID CA=$CA_INST" run_pki-user-cli-user-cleanup_tests $CA_INST ca $MY_ROLE fi - ######## LEGACY TESTS ############ + PKI_LEGACY_CA_ADMIN_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CA_ADMIN_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_ADMIN_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + #Excute all CA Admin tests + subsystemType=ca + run_pki-legacy-ca-usergroup_tests $subsystemType $MYROLE + run_admin-ca-profile_tests $subsystemType $MYROLE + run_admin-ca-acl_tests $subsystemType $MYROLE + run_admin-ca-intdb_tests $subsystemType $MYROLE + run_admin-ca-authplugin_tests $subsystemType $MYROLE + run_admin-ca-crlissuingpoints_tests $subsystemType $MYROLE + run_admin-ca-publishing_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_EE_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CA_EE_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_EE_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + #Execute all CA EE Tests + subsystemType=ca + run_ee-ca-enrollment_tests $subsystemType $MYROLE + run_ee-ca-retrieval_tests $subsystemType $MYROLE + run_ca-ee-ocsp_tests $subsystemType $MYROLE + fi + PKI_LEGACY_CA_AG_TESTS_UPPERCASE=$(echo $PKI_LEGACY_CA_AG_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_CA_AG_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then + #Execute all CA Agent tests + subsystemType=ca + run_ca-ag-requests_tests $subsystemType $MYROLE + run_agent-ca-crls_tests $subsystemType $MYROLE + run_ca-ag-certificates_tests $subsystemType $MYROLE + run_pki-legacy-ca-scep_tests $subsystemType $MYROLE + fi + PKI_LEGACY_KRA_ADMIN_TESTS_UPPERCASE=$(echo $PKI_LEGACY_KRA_ADMIN_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_KRA_ADMIN_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" == "TRUE" ]; then + #Execute all KRA Admin tests + subsystemType=kra + run_kra-ad_usergroups $subsystemType $MYROLE + run_admin-kra-acl_tests $subsystemType $MYROLE + run_admin-kra-internaldb_tests 
$subsystemType $MYROLE + run_admin-kra-log_tests $subsystemType $MYROLE + fi + PKI_LEGACY_KRA_AGENT_TESTS_UPPERCASE=$(echo $PKI_LEGACY_KRA_AGENT_TESTS | tr [a-z] [A-Z]) + if [ "PKI_LEGACY_KRA_AGENT_TESTS" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + #Execute all KRA Agent tests + subsystemType=kra + run_kra-ag_tests $subsystemType $MYROLE + fi + PKI_LEGACY_OCSP_ADMIN_TESTS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_ADMIN_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_ADMIN_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + #Execute all OCSP Admin tests + subsystemType=ocsp + run_ocsp-ad_usergroups $subsystemType $MYROLE + run_admin-ocsp-acl_tests $subsystemType $MYROLE + run_admin-ocsp-log_tests $subsystemType $MYROLE + run_admin-ocsp-internaldb_tests $subsystemType $MYROLE + fi + PKI_LEGACY_OCSP_AGENT_TESTS_UPPERCASE=$(echo $PKI_LEGACY_OCSP_AGENT_TESTS_UPPERCASE | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_OCSP_AGENT_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + #Execute all OCSP Agent tests + subsystemType=ocsp + run_ocsp-ag_tests $subsystemType $MYROLE + fi + PKI_LEGACY_TKS_ADMIN_TESTS_UPPERCASE=$(echo $PKI_LEGACY_TKS_ADMIN_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_TKS_ADMIN_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + #Execute all TKS Admin tests + subsystemType=tks + run_tks-ad_usergroups $subsystemType $MYROLE + run_admin-tks-acl_tests $subsystemType $MYROLE + run_admin-tks-log_tests $subsystemType $MYROLE + run_admin-tks-internaldb_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_ADMIN_TESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_ADMIN_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute all SUBCA Admin tests + subsystemType=ca + run_pki-legacy-subca-usergroup_tests $subsystemType $MYROLE + run_admin-subca-acl_tests $subsystemType $MYROLE + run_admin-subca-intdb_tests $subsystemType $MYROLE + 
run_admin-subca-authplugin_tests $subsystemType $MYROLE + run_admin-subca-crlissuingpoints_tests $subsystemType $MYROLE + run_admin-subca-publishing_tests $subsystemType $MYROLE + run_admin-subca-profile_tests $subsystemType $MYROLE + run_admin-subca-log_tests $subsystemType $MYROLE + fi + PKI_LEGACY_SUBCA_AGENT_TESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_AGENT_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + #Execute all SUBCA Agent tests + subsystemType=ca + run_agent-subca-crls_tests $subsystemType $MYROLE + run_subca-ag-certificates_tests $subsystemType $MYROLE + run_subca-ag-requests_tests $subsystemType $MYROLE + run_agent-subca-profile_tests $subsystemType $MYROLE + run_pki-legacy-subca-scep_tests $subsystemType $MYROLE + + fi + PKI_LEGACY_SUBCA_EE_TESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_TESTS | tr [a-z] [A-Z]) + if [ "$PKI_LEGACY_SUBCA_EE_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + subsystemType=ca + run_ee-subca-enrollment_tests $subsystemType $MYROLE + run_ee-subca-retrieval_tests $subsystemType $MYROLE + fi PKI_LEGACY_CA_USERGROUP_UPPERCASE=$(echo $PKI_LEGACY_CA_USERGROUP | tr [a-z] [A-Z]) if [ "$PKI_LEGACY_CA_USERGROUP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then # Execute pki ca-usergroup-tests tests @@ -1723,7 +2557,7 @@ rlJournalStart run_admin-subca-log_tests $subsystemType $MYROLE fi PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_SCEP_ENROLL | tr [a-z] [A-Z]) - if [ "$PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then + if [ "$PKI_LEGACY_SUBCA_SCEP_ENROLL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute subca scep enroll tests subsystemType=ca run_pki-legacy-subca-scep_tests $subsystemType $MYROLE 
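Review bot: Two of the new legacy-suite switches in the `@@ -1524,8 +2261,105 @@` hunk cannot be turned on individually: the KRA agent guard compares the literal string `"PKI_LEGACY_KRA_AGENT_TESTS"` with `"TRUE"` (no `$`, and not the `_UPPERCASE` copy computed on the line before), and `PKI_LEGACY_OCSP_AGENT_TESTS_UPPERCASE` is derived from itself instead of from `$PKI_LEGACY_OCSP_AGENT_TESTS`. As written, `run_kra-ag_tests` runs only when `TEST_ALL_UPPERCASE` is TRUE, and `run_ocsp-ag_tests` only then or when the `_UPPERCASE` name happens to be preset, so a job that selects just those suites finishes without exercising the KRA or OCSP agent interfaces. The lines should read `if [ "$PKI_LEGACY_KRA_AGENT_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then` and `PKI_LEGACY_OCSP_AGENT_TESTS_UPPERCASE=$(echo "$PKI_LEGACY_OCSP_AGENT_TESTS" | tr '[a-z]' '[A-Z]')`. The KRA admin guard in the same hunk also uses `==` inside `[ ]` where the neighbouring guards use `=`.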
@@ -1836,7 +2670,7 @@ rlJournalStart # Execute pki KRA install tests subsystemId=$KRA_INST subsystemType=kra - run_rhcs_kra_installer_tests $subsystemId $subsystemType $MYROLE + run_rhcs_kra_installer_tests fi PKI_OCSP_INSTALL_UPPERCASE=$(echo $PKI_OCSP_INSTALL | tr [a-z] [A-Z]) @@ -1844,7 +2678,7 @@ rlJournalStart # Execute pki OCSP install tests subsystemId=$OCSP_INST subsystemType=ocsp - run_rhcs_ocsp_installer_tests $subsystemId $subsystemType $MYROLE + run_rhcs_ocsp_installer_tests fi PKI_TKS_INSTALL_UPPERCASE=$(echo $PKI_TKS_INSTALL | tr [a-z] [A-Z]) 
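Review bot: `run_rhcs_kra_installer_tests` and, in the next hunk, `run_rhcs_ocsp_installer_tests` are now called with no arguments, yet the `subsystemId=` and `subsystemType=` assignments directly above each call are kept, and the TPS installer call visible as context in the following hunk still passes `$subsystemId $subsystemType $MYROLE`. If the two installer functions no longer read positional parameters, the leftover assignments are dead and should be removed, or a comment such as `# takes no arguments, unlike run_rhcs_tps_installer_tests` should record why these two differ. If they do still read `$1` to `$3`, the calls now hand them empty values. Their definitions are outside this diff, so which case applies cannot be confirmed from here.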
@@ -1862,35 +2696,35 @@ rlJournalStart run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE fi PKI_CA_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_CA_SELFTEST_CONFIG | tr [a-z] [A-Z]) - if [ "$PKI_CA_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-selftest --help - run_pki-ca-selftest_tests - fi - PKI_CA_SELFTEST_FIND_UPPERCASE=$(echo $PKI_CA_SELFTEST_FIND | tr [a-z] [A-Z]) - if [ "$PKI_CA_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-selftest-find - subsystemType=ca - run_pki-ca-selftest-find_tests $subsystemType $MYROLE - fi - PKI_CA_SELFTEST_RUN_UPPERCASE=$(echo $PKI_CA_SELFTEST_RUN | tr [a-z] [A-Z]) - if [ "$PKI_CA_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-selftest-run - subsystemType=ca - run_pki-ca-selftest-run_tests $subsystemType $MYROLE - fi - PKI_CA_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_CA_SELFTEST_SHOW | tr [a-z] [A-Z]) - if [ "$PKI_CA_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute pki ca-selftest-show - subsystemType=ca - run_pki-ca-selftest-show_tests $subsystemType $MYROLE - fi - PKI_CA_SELFTEST_ADMIN_UPPERCASE=$(echo $PKI_CA_SELFTEST_ADMIN | tr [a-z] [A-Z]) + if [ "$PKI_CA_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-selftest --help + run_pki-ca-selftest_tests + fi + PKI_CA_SELFTEST_FIND_UPPERCASE=$(echo $PKI_CA_SELFTEST_FIND | tr [a-z] [A-Z]) + if [ "$PKI_CA_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-selftest-find + subsystemType=ca + run_pki-ca-selftest-find_tests $subsystemType $MYROLE + fi + PKI_CA_SELFTEST_RUN_UPPERCASE=$(echo $PKI_CA_SELFTEST_RUN | tr [a-z] [A-Z]) + if [ "$PKI_CA_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-selftest-run + subsystemType=ca + 
run_pki-ca-selftest-run_tests $subsystemType $MYROLE + fi + PKI_CA_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_CA_SELFTEST_SHOW | tr [a-z] [A-Z]) + if [ "$PKI_CA_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki ca-selftest-show + subsystemType=ca + run_pki-ca-selftest-show_tests $subsystemType $MYROLE + fi + PKI_CA_SELFTEST_ADMIN_UPPERCASE=$(echo $PKI_CA_SELFTEST_ADMIN | tr [a-z] [A-Z]) if [ "$PKI_CA_SELFTEST_ADMIN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki ca-selftest admin subsystemType=ca run_pki-ca-selftest-admin_tests $subsystemType $MYROLE fi - PKI_KRA_SELFTEST_FIND_UPPERCASE=$(echo $PKI_KRA_SELFTEST_FIND | tr [a-z] [A-Z]) + PKI_KRA_SELFTEST_FIND_UPPERCASE=$(echo $PKI_KRA_SELFTEST_FIND | tr [a-z] [A-Z]) if [ "$PKI_KRA_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki kra-selftest-find subsystemType=kra 
@@ -1902,22 +2736,22 @@ rlJournalStart subsystemType=kra run_pki-kra-selftest-run_tests $subsystemType $MYROLE fi - PKI_KRA_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_KRA_SELFTEST_SHOW | tr [a-z] [A-Z]) + PKI_KRA_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_KRA_SELFTEST_SHOW | tr [a-z] [A-Z]) if [ "$PKI_KRA_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki kra-selftest-show subsystemType=kra run_pki-kra-selftest-show_tests $subsystemType $MYROLE fi - PKI_KRA_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_KRA_SELFTEST_CONFIG | tr [a-z] [A-Z]) + PKI_KRA_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_KRA_SELFTEST_CONFIG | tr [a-z] [A-Z]) if [ "$PKI_KRA_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki kra-selftest --help run_pki-kra-selftest_tests fi - PKI_KRA_SELFTEST_ADMIN_UPPERCASE=$(echo $PKI_KRA_SELFTEST_ADMIN | tr [a-z] [A-Z]) + PKI_KRA_SELFTEST_ADMIN_UPPERCASE=$(echo $PKI_KRA_SELFTEST_ADMIN | tr [a-z] [A-Z]) if [ "$PKI_KRA_SELFTEST_ADMIN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki kra-selftest admin - subsystemType=kra - run_pki-kra-selftest-admin_tests $subsystemType $MYROLE + subsystemType=kra + run_pki-kra-selftest-admin_tests $subsystemType $MYROLE fi PKI_OCSP_SELFTEST_FIND_UPPERCASE=$(echo $PKI_OCSP_SELFTEST_FIND | tr [a-z] [A-Z]) if [ "$PKI_OCSP_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then @@ -1943,7 +2777,7 @@ rlJournalStart # Execute pki ocsp-selftest --help run_pki-ocsp-selftest_tests fi - PKI_TKS_SELFTEST_FIND_UPPERCASE=$(echo $PKI_TKS_SELFTEST_FIND | tr [a-z] [A-Z]) + PKI_TKS_SELFTEST_FIND_UPPERCASE=$(echo $PKI_TKS_SELFTEST_FIND | tr [a-z] [A-Z]) if [ "$PKI_TKS_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki tks-selftest-find subsystemType=tks 
@@ -1966,7 +2800,13 @@ rlJournalStart # Execute pki tks-selftest --help run_pki-tks-selftest_tests fi - PKI_TPS_SELFTEST_RUN_UPPERCASE=$(echo $PKI_TPS_SELFTEST_RUN | tr [a-z] [A-Z]) + PKI_TPS_SELFTEST_FIND_UPPERCASE=$(echo $PKI_TPS_SELFTEST_FIND | tr [a-z] [A-Z]) + if [ "$PKI_TPS_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute pki tps-selftest-find + subsystemType=tps + run_pki-tps-selftest-find_tests $subsystemType $MYROLE + fi + PKI_TPS_SELFTEST_RUN_UPPERCASE=$(echo $PKI_TPS_SELFTEST_RUN | tr [a-z] [A-Z]) if [ "$PKI_TPS_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute pki tps-selftest-run subsystemType=tps 
@@ -1983,18 +2823,18 @@ rlJournalStart # Execute pki tps-selftest --help run_pki-tps-selftest_tests fi - #############CA Selftests################### - PKI_CA_SELFTESTS_UPPERCASE=$(echo $PKI_CA_SELFTESTS | tr [a-z] [A-Z]) - if [ "$PKI_CA_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then - # Execute all ca selftest cli's - subsystemType=ca - run_pki-ca-selftest_tests - run_pki-ca-selftest-find_tests $subsystemType $MYROLE - run_pki-ca-selftest-run_tests $subsystemType $MYROLE - run_pki-ca-selftest-show_tests $subsystemType $MYROLE - fi - #############KRA Selftests################### - PKI_KRA_SELFTESTS_UPPERCASE=$(echo $PKI_KRA_SELFTESTS | tr [a-z] [A-Z]) + #############CA Selftests################### + PKI_CA_SELFTESTS_UPPERCASE=$(echo $PKI_CA_SELFTESTS | tr [a-z] [A-Z]) + if [ "$PKI_CA_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then + # Execute all ca selftest cli's + subsystemType=ca + run_pki-ca-selftest_tests + run_pki-ca-selftest-find_tests $subsystemType $MYROLE + run_pki-ca-selftest-run_tests $subsystemType $MYROLE + run_pki-ca-selftest-show_tests $subsystemType $MYROLE + fi + #############KRA Selftests################### + PKI_KRA_SELFTESTS_UPPERCASE=$(echo $PKI_KRA_SELFTESTS | tr [a-z] [A-Z]) if [ "$PKI_KRA_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute all kra selftest cli's subsystemType=kra 
@@ -2002,10 +2842,10 @@ rlJournalStart run_pki-kra-selftest-find_tests $subsystemType $MYROLE run_pki-kra-selftest-run_tests $subsystemType $MYROLE run_pki-kra-selftest-show_tests $subsystemType $MYROLE - run_pki-kra-selftest-admin_tests $subsystemType $MYROLE + run_pki-kra-selftest-admin_tests $subsystemType $MYROLE fi - #############OCSP Selftests################### - PKI_OCSP_SELFTESTS_UPPERCASE=$(echo $PKI_OCSP_SELFTESTS | tr [a-z] [A-Z]) + #############OCSP Selftests################### + PKI_OCSP_SELFTESTS_UPPERCASE=$(echo $PKI_OCSP_SELFTESTS | tr [a-z] [A-Z]) if [ "$PKI_OCSP_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute all ocsp selftest cli's subsystemType=ocsp @@ -2014,8 +2854,8 @@ rlJournalStart run_pki-ocsp-selftest-run_tests $subsystemType $MYROLE run_pki-ocsp-selftest-show_tests $subsystemType $MYROLE fi - #############TKS Selftests################### - PKI_TKS_SELFTESTS_UPPERCASE=$(echo $PKI_TKS_SELFTESTS | tr [a-z] [A-Z]) + #############TKS Selftests################### + PKI_TKS_SELFTESTS_UPPERCASE=$(echo $PKI_TKS_SELFTESTS | tr [a-z] [A-Z]) if [ "$PKI_TKS_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute all tks selftest cli's subsystemType=tks @@ -2025,7 +2865,7 @@ rlJournalStart run_pki-tks-selftest-show_tests $subsystemType $MYROLE fi #############TPS Selftests################### - PKI_TPS_SELFTESTS_UPPERCASE=$(echo $PKI_TPS_SELFTESTS | tr [a-z] [A-Z]) + PKI_TPS_SELFTESTS_UPPERCASE=$(echo $PKI_TPS_SELFTESTS | tr [a-z] [A-Z]) if [ "$PKI_TPS_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then # Execute all tps selftest cli's subsystemType=tps 
@@ -2045,7 +2885,7 @@ rlJournalStart ######## CODE COVERAGE TESTS ############ CODE_COVERAGE_UPPERCASE=$(echo $CODE_COVERAGE | tr [a-z] [A-Z]) - if [ $CODE_COVERAGE_UPPERCASE = "TRUE" ] ; then + if [ "$CODE_COVERAGE_UPPERCASE" = "TRUE" ] ; then rlPhaseStartSetup "JACOCO Code coverage report" rlRun "cp /tmp/jacoco.exec /opt/rhqa_pki/." rlLog "ant task to create a report" diff --git a/tests/dogtag/topologies.sh b/tests/dogtag/topologies.sh index 21831982f..313337094 100755 --- a/tests/dogtag/topologies.sh +++ b/tests/dogtag/topologies.sh @@ -80,7 +80,7 @@ run_rhcs_install_set_vars() # Initialize Global TESTCOUNT variable # TESTCOUNT=1 rlPhaseStartSetup "Inside install set vars" - rlLog "run_rhcs_install_set_vars saili" + rlLog "run_rhcs_install_set_vars" # First let's normalize the data to use _env variables: [ -n "$MASTER" -a -z "$BEAKERMASTER" ] && export BEAKERMASTER="$MASTER" [ -n "$CLONE1" -a -z "$BEAKERCLONE1" ] && export BEAKERCLONE1="$CLONE1" @@ -151,7 +151,7 @@ run_rhcs_install_quickinstall() run_install_subsystem_RootCA run_install_subsystem_kra $number $BEAKERMASTER $CA run_install_subsystem_ocsp $number $BEAKERMASTER $CA - run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA $MASTER_KRA run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA 
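Review bot: `$MASTER_KRA` is passed unquoted as the new fourth argument of `run_install_subsystem_tks` in `run_rhcs_install_quickinstall`, so an empty or unset value makes the argument disappear without any error; the same call is added in the `run_rhcs_install_topo_1` and `run_rhcs_install_topo_9` hunks. Only the topo_1 hunk defines the variable (`local MASTER_KRA=KRA3`); in the other two functions the definition lies outside the hunk, although the TPS call in their context already uses it. Writing `run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA "${MASTER_KRA:?}"` would make a missing value fail loudly instead of presumably installing the TKS without its KRA reference. In topo_1, `local MASTER_KRA=KRA$number` would keep the name in step with `local number=3` a few lines above.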
@@ -192,11 +192,12 @@ run_rhcs_install_topo_1() local number=3 local CA=ROOTCA local TKS_number=1 + local MASTER_KRA=KRA3 run_rhcs_install_packages run_install_subsystem_RootCA run_install_subsystem_kra $number $BEAKERMASTER $CA run_install_subsystem_ocsp $number $BEAKERMASTER $CA - run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA $MASTER_KRA pushd $CLIENT_PKCS12_DIR if [ $(python --version 2>&1|awk '{print $2}'|cut -f1 -d.) -eq 2 ]; then WEBMOD=SimpleHTTPServer; @@ -747,7 +748,7 @@ run_rhcs_install_topo_9() run_install_subsystem_RootCA run_install_subsystem_kra $number $BEAKERMASTER $CA run_install_subsystem_ocsp $number $BEAKERMASTER $CA - run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA + run_install_subsystem_tks $TKS_number $BEAKERMASTER $CA $MASTER_KRA run_install_subsystem_tps $TPS_number $BEAKERMASTER $CA $MASTER_KRA $MASTER_TKS run_install_subsystem_cloneCA $CLONE_number $BEAKERMASTER $CA run_install_subsystem_cloneKRA $CLONE_number $BEAKERMASTER $CA $MASTER_KRA @@ -755,6 +756,11 @@ run_rhcs_install_topo_9() run_install_subsystem_cloneTKS $CLONE_number $BEAKERMASTER $CA run_install_subsystem_subca $SUBCA_number $BEAKERMASTER $CA run_rhcs_add_to_env "ROOTCA_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$ROOTCA_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "KRA3_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$KRA3_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "OCSP3_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$OCSP3_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "TKS1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$TKS1_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "TPS1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$TPS1_ADMIN_CERT_NICKNAME.p12" + run_rhcs_add_to_env "TOPOLOGY" "TOPO9" run_rhcs_add_to_env "SUBCA1_ADMIN_CERT_LOCATION" "$CLIENT_DIR/$SUBCA1_ADMIN_CERT_NICKNAME.p12" rlPhaseEnd } -- cgit
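Review bot: The four `run_rhcs_add_to_env` lines added in the `@@ -755,6 +756,11 @@` hunk hard-code the instance names KRA3, OCSP3, TKS1 and TPS1 and expand `$KRA3_ADMIN_CERT_NICKNAME` and the other nickname variables without checking that they are set, so a missing nickname records `$CLIENT_DIR/.p12` as the admin certificate location and the failure would surface only later in whichever test reads the entry. These entries point at admin PKCS#12 bundles, so a short comment above them is worthwhile, for example `# admin PKCS#12 bundles (hold private keys); locations exported for later test phases`. The `TOPOLOGY` entry is placed between the TPS1 and SUBCA1 certificate locations; moving it after the last `*_ADMIN_CERT_LOCATION` line keeps the group together. `run_rhcs_install_topo_9` begins outside this hunk, so whether the hard-coded numbers match its `number`, `TKS_number` and `TPS_number` locals cannot be checked here.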