From e444af55a920534d34ccc63406eb53a27eed0356 Mon Sep 17 00:00:00 2001 
From: Niranjan Mallapadi Date: Thu, 21 May 2015 12:20:27 +0530 Subject: pki ca,kra,ocsp,tks,tps selftest cli automation --- tests/dogtag/Makefile | 27 ++ .../pki-ca-selftest-cli/pki-ca-selftest-admin.sh | 234 +++++++++++ .../pki-ca-selftest-cli-find.sh | 413 ++++++++++++++++++++ .../pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh | 277 ++++++++++++++ .../pki-ca-selftest-cli-show.sh | 426 +++++++++++++++++++++ .../pki-ca-selftest-cli/pki-ca-selftest-cli.sh | 69 ++++ .../pki-kra-selftest-cli/pki-kra-selftest-admin.sh | 218 +++++++++++ .../pki-kra-selftest-cli-find.sh | 383 ++++++++++++++++++ .../pki-kra-selftest-cli-run.sh | 281 ++++++++++++++ .../pki-kra-selftest-cli-show.sh | 325 ++++++++++++++++ .../pki-kra-selftest-cli/pki-kra-selftest-cli.sh | 66 ++++ .../pki-ocsp-selftest-cli-find.sh | 407 ++++++++++++++++++++ .../pki-ocsp-selftest-cli-run.sh | 270 +++++++++++++ .../pki-ocsp-selftest-cli-show.sh | 422 ++++++++++++++++++++ .../pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh | 66 ++++ .../pki-tks-selftest-cli-find.sh | 398 +++++++++++++++++++ .../pki-tks-selftest-cli-run.sh | 271 +++++++++++++ .../pki-tks-selftest-cli-show.sh | 384 +++++++++++++++++++ .../pki-tks-selftest-cli/pki-tks-selftest-cli.sh | 69 ++++ .../pki-tps-selftest-cli-find.sh | 407 ++++++++++++++++++++ .../pki-tps-selftest-cli-run.sh | 271 +++++++++++++ .../pki-tps-selftest-cli-show.sh | 422 ++++++++++++++++++++ .../pki-tps-selftest-cli/pki-tps-selftest-cli.sh | 69 ++++ tests/dogtag/runtest.sh | 196 ++++++++++ 24 files changed, 6371 insertions(+) create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-admin.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-show.sh create mode 100755 
tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-admin.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-run.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-run.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-run.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-find.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-run.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-show.sh create mode 100755 tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile index 182db1e8e..3b0bab4c4 100755 --- a/tests/dogtag/Makefile +++ b/tests/dogtag/Makefile 
@@ -312,6 +312,33 @@ build: $(BUILT_FILES)
 chmod a+x ./acceptance/install-tests/ocsp-installer.sh
 chmod a+x ./acceptance/install-tests/tks-installer.sh
 chmod a+x ./acceptance/install-tests/tps-installer.sh
+ #pki ca-selftest tests
+ chmod a+x ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli.sh
+ chmod a+x ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh
+ chmod a+x ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-admin.sh
+ #pki kra-selftest tests
+ chmod a+x ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-run.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli.sh
+ chmod a+x ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-admin.sh
+ #pki ocsp-selftest tests
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-run.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh
+ #pki tks-selftest tests
+ chmod a+x ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-run.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli.sh
+ #pki tps-selftest tests
+ chmod a+x ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-find.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-run.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-show.sh
+ chmod a+x ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh
 clean:
 rm -f *~ $(BUILT_FILES)
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-admin.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-admin.sh
new file mode 100755
index 000000000..d526a9936
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-admin.sh
@@ -0,0 +1,234 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-selftest-cli
+#
+# Description: PKI KRA SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki kra-selftest cli commands needs to be tested:
+# pki ca-selftest-admin
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-ca-selftest-admin_tests()
+{
+ # Local Variables
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for pki ca-selftest-admin
+ rlPhaseStartSetup "pki ca-selftest-admin Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$cs_Role" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$cs_Role
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ca_instance_created" = "TRUE" ] ; then
+
+ local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
+ local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+ local tmp_ca_agent=$CA_INST\_agentV
+ local tmp_ca_admin=$CA_INST\_adminV
+ local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local tmp_ca_host=$(eval echo \$${cs_Role})
+ local valid_agent_cert=$CA_INST\_agentV
+ local valid_audit_cert=$CA_INST\_auditV
+ local valid_operator_cert=$CA_INST\_operatorV
+ local valid_admin_cert=$CA_INST\_adminV
+ local revoked_agent_cert=$CA_INST\_agentR
+ local revoked_admin_cert=$CA_INST\_adminR
+ local expired_admin_cert=$CA_INST\_adminE
+ local expired_agent_cert=$CA_INST\_agentE
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local exp="$TmpDir/expfile.out"
+ local expout="$TmpDir/exp_out"
+ local cert_info="$TmpDir/cert_info"
+ local ca_selftest_show_output=$TmpDir/ca-selftest-admin.out
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ ### Config file
+ local ca_config_file="/var/lib/pki/${tomcat_name}/ca/conf/CS.cfg"
+ local ca_db="/var/lib/pki/${tomcat_name}/ca/alias/"
+ local ca_cert_list="transport,storage,sslserver,subsystem,audit_signing"
+ local ca_cert_list="signing,ocsp_signing,sslserver,subsystem,audit_signing"
+ local ca_signing_nick=$(cat $ca_config_file | grep ca.signing.nickname | cut -d= -f2)
+ local ca_ocsp_signing_nick=$(cat $ca_config_file | grep ca.ocsp_signing.nickname | cut -d= -f2)
+ local ca_sslserver_nick=$(cat $ca_config_file | grep ca.sslserver.nickname | cut -d= -f2)
+ local ca_subsystem_nick=$(cat $ca_config_file | grep ca.subsystem.nickname | cut -d= -f2)
+ local ca_audit_nick=$(cat $ca_config_file | grep ca.audit_signing.nickname | cut -d= -f2)
+ local ca_token=$(cat $ca_config_file | grep ca.signing.tokenname | cut -d= -f2)
+ local ca_token_internal_passwd=$(cat /var/lib/pki/$tomcat_name/conf/password.conf | grep internal | cut -d= -f2)
+ local ca_hsm_passwd=$(cat /var/lib/pki/${tomcat_name}/conf/password.conf | grep internal | cut -d= -f2)
+ local signed_ca_audit_log="/var/log/pki/${tomcat_name}/ca/signedAudit/ca_audit"
+ local selftest_log="/var/log/pki/${tomcat_name}/ca/selftests.log"
+ local selftest_system_verification=$(cat $ca_config_file | grep selftests.container.order.startup | cut -d= -f2)
+ rlLog "selftest_system_verification=$selftest_system_verification"
+
+ rlPhaseStartSetup "Take backup of tomcatjss xml"
+ local tomcat_jss_xml_dir="/etc/pki/$tomcat_name/Catalina/localhost"
+ local tomcat_jss_xml_backup_dir="$TmpDir/tomcat_jss_backup"
+ rlLog "Take backup of $tomcat_jss_xml_dir Directory"
+ rlRun "cp -a $tomcat_jss_xml_dir $TmpDir/tomcat_jss_backup"
+ rlPhaseEnd
+
+ rlPhaseStartTest "Restart CA subsystem and make sure self tests executed successfully when self tests for system certs verification categorized as \"critical\" has valid system certificates."
+ local ca_cert_list_exist=$(cat $ca_config_file | grep ^ca.cert.list | cut -d= -f2)
+ rlLog "Verify if configuration file exists"
+ rlAssertExists "$ca_config_file"
+ rlAssertEquals "Verify $ca_config_file has list of system certificates parameter" "$ca_cert_list" "$ca_cert_list_exist"
+ if [ "${ca_token}" = "Internal Key Storage Token" ]; then
+ rlRun "certutil -L -d $ca_db -n \"$ca_signing_nick\" > ${TmpDir}/cert.out" 0 "Verifying if ca signing cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -n \"$ca_ocsp_signing_nick\" > ${TmpDir}/cert.out" 0 "Verifying if ocsp signing cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -n \"$ca_sslserver_nick\" > ${TmpDir}/cert.out" 0 "Verifying if sslserver cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -n \"$ca_subsystem_nick\" > ${TmpDir}/cert.out" 0 "Verifying if subsystem cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -n \"$ca_audit_nick\" > ${TmpDir}/cert.out" 0 "Verifying if audit_signing cert exists in certificate db"
+ elif [ "${ca_token}" = "NHSM6000" ]; then
+ rlRun "echo ${ca_hsm_passwd} > ${TmpDir}/hsm_passwd" 0 "Save hsm passwd in a file"
+ rlRun "certutil -L -d $ca_db -h $ca_token -f $TmpDir/hsm_passwd -n \"$ca_signing_nick\" > $TmpDir/cert.out" 0 "Verifying if ca signing cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -h $ca_token -f $TmpDir/hsm_passwd -n \"$ca_ocsp_signing_nick\" > $TmpDir/cert.out" 0 "Verifying if ocsp signing cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -h $ca_token -f $TmpDir/hsm_passwd -n \"$ca_sslserver_nick\" > $TmpDir/cert.out" 0 "Verifying if sslserver cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -h $ca_token -f $TmpDir/hsm_passwd -n \"$ca_subsystem_nick\" > $TmpDir/cert.out" 0 "Verifying if subsystem cert exists in certificate db"
+ rlRun "certutil -L -d $ca_db -h $ca_token -f $TmpDir/hsm_passwd -n \"$ca_audit_nick\" > $TmpDir/cert.out" 0 "Verifying if audit_signing cert exists in certificate db"
+ fi
+ rlLog "Restart $tomcat_name instance"
+
+ local cur_date=$(date +%d/%b/%Y:%H:%M)
+ rhcs_stop_instance $tomcat_name
+ rlLog "Empty the current signed ca audit log and selftest log"
+ rlRun "echo > ${signed_ca_audit_log}"
+ rlRun "echo > $selftest_log"
+ rhcs_start_instance $tomcat_name
+ rlRun "sleep 30" 0 "Sleep 30 seconds so that selftest.log is updated"
+ rlAssertGrep "All CRITICAL self test plugins ran SUCCESSFULLY at startup!" "$selftest_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_signing_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_ocsp_signing_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_sslserver_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_subsystem_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_audit_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlRun "tail -n 10 $signed_ca_audit_log | grep \"AuditEvent=SELFTESTS_EXECUTION\" > $TmpDir/ca-signed-audit.log" 0,1 "Get the current signed audit log"
+ rlAssertGrep "Outcome=Success" "$TmpDir/ca-signed-audit.log"
+ rlPhaseEnd
+
+ rlPhaseStartTest "CA fails to start when an in-correct (bogus) nickname is provided for a certificate categorized as \"critical\" for the selftest."
+ local cur_date_time=$(date +%d-%b-%Y:%H:%M)
+ local ca_config_file_backup="/var/lib/pki/$tomcat_name/ca/conf/CS.cfg-$cur_date_time"
+ local ca_ocsp_bogus_nick="Bogus-ocspcert"
+ rlLog "Backup existing ca CS.cfg"
+ rlRun "/usr/bin/cp $ca_config_file -f $ca_config_file_backup" 0 "Backup current CS.cfg"
+ rlLog "Stop $tomcat_name"
+ rlLog "Empty the current signed ca audit log"
+ rlRun "echo > $signed_ca_audit_log"
+ rhcs_stop_instance $tomcat_name
+ rlRun "sed -i s/"$ca_ocsp_signing_nick"/"$ca_ocsp_bogus_nick"/ $ca_config_file"
+ local cur_date=$(date +%d/%b/%Y:%H:%M)
+ rhcs_start_instance $tomcat_name
+ rlAssertGrep "\[AuditEvent=SELFTESTS_EXECUTION\]\[SubjectID=\$System$\]\[Outcome=Failure\]" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_signing_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Failure\]\[CertNickName=$ca_ocsp_bogus_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_sslserver_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_subsystem_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=SELFTESTS_EXECUTION\]\[SubjectID=\$System$\]\[Outcome=Success\]" "$signed_ca_audit_log"
+ rlLog "Stop $tomcat_name"
+ rhcs_stop_instance $tomcat_name
+ rlLog "Revert the changes back to CS.cfg"
+ rlRun "/usr/bin/cp $ca_config_file_backup -f $ca_config_file" 0 "Revert back the changes done to CS.cfg"
+ rlLog "Remove the backup file"
+ rlRun "rm -f $ca_config_file_backup"
+ rhcs_start_instance $tomcat_name
+ rlLog "RHCS9 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1221013"
+ rlLog "RHCS9 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1222435"
+ rlPhaseEnd
+
+ rlPhaseStartTest "CA should start successfully when an in-correct (bogus) nickname is provided for a certificate categorized as \"non-critical\" for the selftest."
+ local cur_date_time=$(date +%d-%b-%Y:%H:%M)
+ local ca_config_file_backup="/var/lib/pki/$tomcat_name/ca/conf/CS.cfg-$cur_date_time"
+ local selftest_system_verification_change="selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:non-critical"
+ local ca_ocsp_bogus_nick="Bogus-ocspcert"
+ rlLog "Backup existing ca CS.cfg"
+ rlRun "/usr/bin/cp $ca_config_file -f $ca_config_file_backup" 0 "Backup current CS.cfg"
+ rlLog "Stop $tomcat_name"
+ rlLog "Empty the current signed ca audit log"
+ rlRun "rm -f $signed_ca_audit_log"
+ rhcs_stop_instance $tomcat_name
+ rlLog "Edit selftest with system cert verification as non-critical"
+ rlRun "sed -i s/\"$selftest_system_verification\"/\"$selftest_system_verification_change\"/ $ca_config_file"
+ rlLog "Specify Invalid CA ocsp cert"
+ rlRun "sed -i s/"$ca_ocsp_signing_nick"/"$ca_ocsp_bogus_nick"/ $ca_config_file"
+ local cur_date=$(date +%d/%b/%Y:%H:%M)
+ rhcs_start_instance $tomcat_name
+ rlRun "sleep 60" 0 "Sleep 30 seconds so that audit log is updated"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_signing_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Failure\]\[CertNickName=$ca_storage_bogus_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_sslserver_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$ca_subsystem_nick\] CIMC certificate verification" "$signed_ca_audit_log"
+ rlAssertGrep "\[AuditEvent=SELFTESTS_EXECUTION\]\[SubjectID=\$System$\]\[Outcome=Success\]" "$signed_ca_audit_log"
+ rlLog "Stop $tomcat_name"
+ rhcs_stop_instance $tomcat_name
+ rlLog "Revert the changes back to CS.cfg"
+ rlRun "/usr/bin/cp $ca_config_file_backup -f $ca_config_file" 0 "Revert back the changes done to CS.cfg"
+ rlLog "Remove the backup file"
+ rlRun "rm -f $ca_config_file_backup"
+ rhcs_start_instance $tomcat_name
+ rlLog "CS9 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1221013"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki ca-selftest-admin cleanup: Restore tomcatjss xml and delete temp dir"
+ rlLog "Restore ca.xml from $tomcat_jss_xml_backup_dir"
+ rlRun "cp -a $TmpDir/tomcat_jss_backup/ca.xml $tomcat_jss_xml_dir/ca.xml" 0 "Copy ca.xml"
+ rlLog "Restart $tomcat_name instance"
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+
+else
+ rlLog "CA Instance is not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-find.sh
new file mode 100755
index 000000000..19e82f9c5
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-find.sh
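Review bot: In pki-ca-selftest-admin.sh the "non-critical" phase asserts the failure audit event with `CertNickName=$ca_storage_bogus_nick`, but that variable is never set in this function (the phase defines `ca_ocsp_bogus_nick`), so the pattern expands to an empty nickname and the check cannot confirm that the bogus OCSP nickname was audited; it should read `CertNickName=$ca_ocsp_bogus_nick`. Both `rlRun "sed -i s/"$ca_ocsp_signing_nick"/"$ca_ocsp_bogus_nick"/ $ca_config_file"` calls close the rlRun string around the nickname, so if the nickname read from CS.cfg contains spaces it is split into separate rlRun arguments; escaping the inner quotes as the `selftest_system_verification` substitution already does (`s/\"...\"/\"...\"/`) keeps it one command. In the NHSM6000 branch, `rlRun "echo ${ca_hsm_passwd} > ${TmpDir}/hsm_passwd"` hands the expanded token password to rlRun, which logs the command it runs, and `ca_hsm_passwd` is read from the `internal` entry of password.conf rather than a hardware-token entry (this looks copied from the line above and should be confirmed); writing the file outside rlRun with `printf '%s\n' "$ca_hsm_passwd" > "$TmpDir/hsm_passwd"` keeps the secret out of the test log.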
@@ -0,0 +1,413 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-selftest-cli +# +# Description: PKI CA SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki ca-selftest cli commands needs to be tested: +# pki ca-selftest-find +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-key-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-ca-selftest-find_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki ca-selftest-find + rlPhaseStartSetup "pki ca-selftest-find Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + ca_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$CA_INST + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + if [[ $CA_INST == SUBCA* ]]; then + prefix=$CA_INST + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=ROOTCA + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + fi + else + prefix=$cs_Role + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$ca_instance_created" = "TRUE" ] ; then + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_agent=$CA_INST\_agentV + local tmp_ca_admin=$CA_INST\_adminV + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$CA_INST\_agentV + local valid_audit_cert=$CA_INST\_auditV + local valid_operator_cert=$CA_INST\_operatorV + local valid_admin_cert=$CA_INST\_adminV + local revoked_agent_cert=$CA_INST\_agentR + local revoked_admin_cert=$CA_INST\_adminR + local expired_admin_cert=$CA_INST\_adminE + local expired_agent_cert=$CA_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local ca_selftest_find_output=$TmpDir/ca-selftest-find.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki ca-selftest-find + 
rlPhaseStartTest "pki_ca_selftest-configtest: pki ca-selftest-find --help configuration test" + rlRun "pki ca-selftest-find --help > $ca_selftest_find_output" 0 "pki ca-selftest-find --help" + rlAssertGrep "usage: ca-selftest-find \[FILTER\] \[OPTIONS...\]" "$ca_selftest_find_output" + rlAssertGrep " --help Show help options" "$ca_selftest_find_output" + rlAssertGrep " --size Page size" "$ca_selftest_find_output" + rlAssertGrep " --start Page start" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pk_ca_selftest-001: find all the existing selftests for CA using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $valid_admin_cert" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: CAPresence" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: CAValidity" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: 
true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-002: verifying all ca selftests cannot be found by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_agent_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_agent_cert\" \ + ca-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the CA Selftest using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-003: verifying all ca selftests cannot be found by operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the CA Selftest using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-004: verifying all ca selftests cannot be found by audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the CA Selftest using 
$valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-005: verifying all ca selftests cannot be found by Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_admin_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_admin_cert\" \ + ca-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the CA Selftest using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-006: verifying all ca selftests cannot be found by Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_agent_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_agent_cert\" \ + ca-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the CA Selftest using $revoked_agent_cert" + rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-007: verifying all ca selftests cannot be found by Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun 
"chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_agent_cert\" \ + ca-selftest-find > $ca_selftest_find_output" 0 "Find all the CA Selftest using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_agent_cert\" \ + ca-selftest-find > $ca_selftest_find_output 2>&1" 1,255 "Find all the CA Selftest using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-008: verifying all ca selftests cannot be found by Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_admin_cert\" \ + ca-selftest-find > 
$ca_selftest_find_output" 0 "Find all the CA Selftest using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_admin_cert\" \ + ca-selftest-find > $ca_selftest_find_output 2>&1" 1,255 "Find all the CA Selftest using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-009: verify when --size 1 is specified only 1 CA selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size 1 > $ca_selftest_find_output" 0 "Run pki ca-selftest-find --size 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size 1 1> $ca_selftest_find_output" 0 "Run pki ca-selftest-find --size 1" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: CAPresence" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlPhaseEnd + + + rlPhaseStart "pki_ca_selftest-0010: verify when value given in --size is more than 3 display all the selftests" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size 100 > $ca_selftest_find_output" 
0 "Run pki ca-selftest-find --size 100" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size 100 > $ca_selftest_find_output" 0 "Run pki ca-selftest-find --size 100" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: CAPresence" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: CAValidity" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-0011: verify when value given in --size is junk no results are returned" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size adafdafds > $ca_selftest_find_output" 0 "Run pki ca-selftest-find --size adafdafds" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size adafdafds > $ca_selftest_find_output 2>&1" 1,255 "Run pki ca-selftest-find --size adafdafds" + rlAssertGrep "NumberFormatException: For input string: \"adafdafds\"" 
"$ca_selftest_find_output" + rlAssertGroup + PhaseEnd + + rlPhaseStartTest "pki_ca_selftest-0012: verify when no value with --size command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki ca-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki ca-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: size" "$ca_selftest_find_output" + rlAssertGrep "usage: ca-selftest-find \[FILTER\] \[OPTIONS...\]" "$ca_selftest_find_output" + rlAssertGrep " --help Show help options" "$ca_selftest_find_output" + rlAssertGrep " --size Page size" "$ca_selftest_find_output" + rlAssertGrep " --start Page start" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest-0013: verify when --size 1 and --start 1 is specified only 1 CA selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size 1 --start 1 > $ca_selftest_find_output" 0 "Run pki ca-selftest-find --size 1 --start 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-find --size 1 --start 1 > $ca_selftest_find_output" 0 "Run pki ca-selftest-find --size 1 --start 1" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" 
"$ca_selftest_find_output"
+ rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest-0014: verify when no value with --start command fails with help message"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_admin_cert\" \
+ ca-selftest-find --start > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki ca-selftest-find --size"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_admin_cert\" \
+ ca-selftest-find --start > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki ca-selftest-find --size"
+ rlAssertGrep "Error: Missing argument for option: start" "$ca_selftest_find_output"
+ rlAssertGrep "usage: ca-selftest-find \[FILTER\] \[OPTIONS...\]" "$ca_selftest_find_output"
+ rlAssertGrep " --help Show help options" "$ca_selftest_find_output"
+ rlAssertGrep " --size Page size" "$ca_selftest_find_output"
+ rlAssertGrep " --start Page start" "$ca_selftest_find_output"
+ rlPhaseEnd
+
+else
+ rlPhaseStartCleanup "pki ca-selftest-find cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "CA subsystem is not installed"
+ rlPhaseEnd
+fi
+
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh
new file mode 100755
index 000000000..c4cc5ae03
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh
@@ -0,0 +1,277 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-selftest-cli
+#
+# Description: PKI CA SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki ca-selftest cli commands needs to be tested:
+# pki ca-selftest-run
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+.
/opt/rhqa_pki/env.sh
+
+run_pki-ca-selftest-run_tests()
+{
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for pki ca-selftest-run
+ rlPhaseStartSetup "pki ca-selftest-run Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ ca_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$cs_Role" = "MASTER" ] ; then
+ if [[ $CA_INST == SUBCA* ]]; then
+ prefix=$CA_INST
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=ROOTCA
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+ else
+ prefix=$cs_Role
+ ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ca_instance_created" = "TRUE" ] ; then
+
+ local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+ local tmp_ca_agent=$CA_INST\_agentV
+ local tmp_ca_admin=$CA_INST\_adminV
+ local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local tmp_ca_host=$(eval echo \$${cs_Role})
+ local valid_agent_cert=$CA_INST\_agentV
+ local valid_audit_cert=$CA_INST\_auditV
+ local valid_operator_cert=$CA_INST\_operatorV
+ local valid_admin_cert=$CA_INST\_adminV
+ local revoked_agent_cert=$CA_INST\_agentR
+ local revoked_admin_cert=$CA_INST\_adminR
+ local expired_admin_cert=$CA_INST\_adminE
+ local expired_agent_cert=$CA_INST\_agentE
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local exp="$TmpDir/expfile.out"
+ local expout="$TmpDir/exp_out"
+ local cert_info="$TmpDir/cert_info"
+ local ca_selftest_run_output=$TmpDir/ca-selftest-run.out
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+
+
+ # Config test for pki ca-selftest-run
+
rlPhaseStartTest "pki_ca_selftest_run-configtest: pki ca-selftest-run --help configuration test"
+ rlRun "pki ca-selftest-run --help > $ca_selftest_run_output" 0 "pki ca-selftest-run --help"
+ rlAssertGrep "usage: ca-selftest-run \[OPTIONS...\]" "$ca_selftest_run_output"
+ rlAssertGrep " --help Show help options" "$ca_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pk_ca_selftest_run-001: Run CA Selftest using admin cert and verify ca subsystem is up"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_admin_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $valid_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_admin_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $valid_admin_cert"
+ rlAssertGrep "Selftests completed" "$ca_selftest_run_output"
+ rlLog "Verify ca instance is running"
+ rlRun "systemctl status pki-tomcatd@$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME) 1> $TmpDir/systemctl.out"
+ rlAssertGrep "Active: active (running)" "$TmpDir/systemctl.out"
+ rlLog "Ascertain by running pki cert-find command if ca instance is responding"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_admin_cert\" \
+ cert-find > $Tmpdir/cert-find.out" 0 "Execute pki cert-find to verify if ca instance is responding"
+ rlAssertGrep "Number of entries returned 20" "$Tmpdir/cert-find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-002: Verify ca selftests cannot be run by agent cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_agent_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $valid_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p
$tmp_ca_port \
+ -n \"$valid_agent_cert\" \
+ ca-selftest-run 2> $ca_selftest_run_output" 1,255 "Execute pki ca-selftest-run as $valid_agent_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-003: Verify ca selftests cannot be run operator cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_operator_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $valid_operator_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_operator_cert\" \
+ ca-selftest-run 2> $ca_selftest_run_output" 1,255 "Execute pki ca-selftest-run as $valid_operator_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-004: Verify ca selftests cannot be run audit cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_operator_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $valid_audit_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$valid_operator_cert\" \
+ ca-selftest-run 2> $ca_selftest_run_output" 1,255 "Execute pki ca-selftest-run as $valid_audit_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-005: Verify ca selftests cannot be run Revoked admin cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$revoked_admin_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $revoked_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n
\"$revoked_admin_cert\" \
+ ca-selftest-run 2> $ca_selftest_run_output" 1,255 "Execute pki ca-selftest-run as $revoked_admin_cert"
+ rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-006: Verify ca selftests cannot be run Revoked agent cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$revoked_agent_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $revoked_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$revoked_agent_cert\" \
+ ca-selftest-run 2> $ca_selftest_run_output" 1,255 "Execute pki ca-selftest-run as $revoked_agent_cert"
+ rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-007: Verify ca selftests cannot be run Expired agent cert"
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$expired_agent_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $expired_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$expired_agent_cert\" \
+ ca-selftest-run >
$ca_selftest_run_output 2>&1" 1,255 "Execute pki ca-selftest-run as $expired_agent_cert"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_run_output"
+ rlLog "Set the date back to its original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest_run-008: Verify ca selftests cannot be run Expired admin cert"
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$expired_admin_cert\" \
+ ca-selftest-run > $ca_selftest_run_output" 0 "Execute pki ca-selftest-run as $expired_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_ca_host \
+ -p $tmp_ca_port \
+ -n \"$expired_admin_cert\" \
+ ca-selftest-run > $ca_selftest_run_output 2>&1" 1,255 "Execute pki ca-selftest-run as $expired_admin_cert"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_run_output"
+ rlLog "Set the date back to its original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK"
"$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki ca-selftest-run cleanup: Delete temp dir"
+ rlLog "CA subsystem is not installed"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-show.sh
new file mode 100755
index 000000000..6a5e1eaec
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-show.sh
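Review bot: Test `pki_ca_selftest_run-004` in pki-ca-selftest-cli-run.sh is titled as the audit-cert case, but both its `rlLog` and its `rlRun` pass `-n \"$valid_operator_cert\"`, so it repeats test 003 and the auditor role's denial on `ca-selftest-run` is never exercised; the nickname line in both commands should read `-n \"$valid_audit_cert\" \`. The same substitution is visible in `pki_ca_selftest_show-0010` in pki-ca-selftest-cli-show.sh. In test 001 the `cert-find` output is redirected to `$Tmpdir/cert-find.out` and grepped from there, while the directory variable set in the setup phase is `TmpDir`; with `Tmpdir` unset the file would land at `/cert-find.out`, so both occurrences should be `$TmpDir/cert-find.out`. Every phase also echoes the full command through `rlLog`, including `-c $CERTDB_DIR_PASSWORD`, which writes the NSS database password into the test log; logging only the description string (for example `rlLog "Execute pki ca-selftest-run as $valid_admin_cert"`) would avoid that.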
@@ -0,0 +1,426 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-selftest-cli +# +# Description: PKI CA SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki ca-selftest cli commands needs to be tested: +# pki ca-selftest-show +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-ca-selftest-show_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki ca-selftest-show + rlPhaseStartSetup "pki ca-selftest-show Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2) + ca_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$CA_INST + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + if [[ $CA_INST == SUBCA* ]]; then + prefix=$CA_INST + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=ROOTCA + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + fi + else + prefix=$cs_Role + ca_instance_created=$(eval echo \$${CA_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$ca_instance_created" = "TRUE" ] ; then + local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT) + local tmp_ca_agent=$CA_INST\_agentV + local tmp_ca_admin=$CA_INST\_adminV + local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT) + local tmp_ca_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$CA_INST\_agentV + local valid_audit_cert=$CA_INST\_auditV + local valid_operator_cert=$CA_INST\_operatorV + local valid_admin_cert=$CA_INST\_adminV + local revoked_agent_cert=$CA_INST\_agentR + local revoked_admin_cert=$CA_INST\_adminR + local expired_admin_cert=$CA_INST\_adminE + local expired_agent_cert=$CA_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local ca_selftest_show_output=$TmpDir/ca-selftest-show.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki ca-selftest-show + 
rlPhaseStartTest "pki_ca_selftest_show-configtest: pki ca-selftest-show --help configuration test" + rlRun "pki ca-selftest-show --help > $ca_selftest_show_output" 0 "pki ca-selftest-show --help" + rlAssertGrep "usage: ca-selftest-show \[OPTIONS...\]" "$ca_selftest_show_output" + rlAssertGrep " --help Show help options" "$ca_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-001: Show CAPresence selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence Selftest" + rlAssertGrep "SelfTest \"CAPresence\"" "$ca_selftest_show_output" + rlAssertGrep " SelfTest ID: CAPresence" "$ca_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_ca_selftest_show-002: Copy CAPresence selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAPresence --output $TmpDir/CAPresence > $ca_selftest_show_output" 0 "Save CAPresence Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAPresence --output $TmpDir/CAPresence > $ca_selftest_show_output" 0 "Save CAPresence Selftest to a 
file" + rlAssertGrep "Stored selfTest \"CAPresence\" into $TmpDir/CAPresence" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-003: Show SystemCertsVerification selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show SystemCertsVerification > $ca_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show SystemCertsVerification > $ca_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlAssertGrep "SelfTest \"SystemCertsVerification\"" "$ca_selftest_show_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_ca_selftest_show-004: Copy SystemCertsVerification selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $ca_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $ca_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlAssertGrep "Stored selfTest \"SystemCertsVerification\" into $TmpDir/SystemCertsVerification" "$ca_selftest_show_output" + rlPhaseEnd + + + 
rlPhaseStartTest "pki_ca_selftest_show-005: Show CAValidity selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAValidity > $ca_selftest_show_output" 0 "Show CAValidity Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAValidity > $ca_selftest_show_output" 0 "Show CAValidity Selftest" + rlAssertGrep "SelfTest \"CAValidity\"" "$ca_selftest_show_output" + rlAssertGrep " SelfTest ID: CAValidity" "$ca_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$ca_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-006: Copy CAValidity selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAValidity --output $TmpDir/CAValidity > $ca_selftest_show_output" 0 "Save CAValidity Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAValidity --output $TmpDir/CAValidity > $ca_selftest_show_output" 0 "Save CAValidity Selftest to a file" + rlAssertGrep "Stored selfTest \"CAValidity\" into $TmpDir/CAValidity" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-007: Verify CAPresence selftest properties are shown using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "show CAPresence selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "show CAPresence Selftest using $valid_admin_cert" + rlAssertGrep "SelfTest ID: CAPresence" "$ca_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-008: verify CAPresence selftest properties cannot be shown using agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_agent_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_agent_cert\" \ + ca-selftest-show CAPresence 2> $ca_selftest_show_output" 1,255 "Show CAPresence selftest property using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-009: verify CAPresence selftest properties cannot be shown using operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-show CAPresence 2> $ca_selftest_show_output" 1,255 "Show CAPresence selftest property using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_show_output" + rlPhaseEnd + + 
rlPhaseStartTest "pki_ca_selftest_show-0010: verify CAPresence selftest properties cannot be shown using audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_operator_cert\" \ + ca-selftest-show CAPresence 2> $ca_selftest_show_output" 1,255 "Show CAPresence selftest property using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-0011: verify CAPresence selftest properties cannot be shown using revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_admin_cert\" \ + ca-selftest-show CAPresence 2> $ca_selftest_show_output" 1,255 "Show CAPresence selftest property using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-0012: verify CAPresence selftest properties cannot be shown using revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_agent_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$revoked_agent_cert\" \ + ca-selftest-show CAPresence 2> 
$ca_selftest_show_output" 1,255 "Show CAPresence selftest property using $revoked_agent_cert" + rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-0013: verify CAPresence selftest properties cannot be shown using Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_agent_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_agent_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output 2>&1" 1,255 "Show CAPresence selftest property using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-0014: verify CAPresence selftest properties cannot be shown using Expired admin cert" 
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output" 0 "Show CAPresence selftest property using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$expired_admin_cert\" \ + ca-selftest-show CAPresence > $ca_selftest_show_output 2>&1" 1,255 "Show CAPresence selftest property using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-0015: verify when no valid selftestID is provided pki ca-selftest-show show show proper help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show > $ca_selftest_show_output" 0 "Do not pass any selftestId" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p 
$tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show > $ca_selftest_show_output 2>&1" 255,1 "Do not pass any selftestId" + rlAssertGrep "Error: No SelfTest ID specified." "$ca_selftest_show_output" + rlAssertGrep "usage: ca-selftest-show \[OPTIONS...\]" "$ca_selftest_show_output" + rlAssertGrep " --help Show help options" "$ca_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$ca_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ca_selftest_show-0016: verify when junk/invalid selftestid is provided, " + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show \"asdfasdf\" > $ca_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki ca-selftest-show" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ca_host \ + -p $tmp_ca_port \ + -n \"$valid_admin_cert\" \ + ca-selftest-show \"asdfasdf\" > $ca_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki ca-selftest-show" + rlAssertGrep "SelfTest \"asdfasdf\"" "$ca_selftest_show_output" + rlAssertGrep " SelfTest ID: asdfasdf" "$ca_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$ca_selftest_show_output" + rlAssertGrep " Enabled on demand: false" "$ca_selftest_show_output" + rlAssertNotGrep " SelfTest \"CAPresence\"" "$ca_selftest_show_output" + rlAssertNotGrep " SelfTest ID: CAPresence" "$ca_selftest_show_output" + rlAssertNotGrep " Enabled at startup: true" "$ca_selftest_show_output" + rlAssertNotGrep " Critical at startup: true" "$ca_selftest_show_output" + rlAssertNotGrep " Enabled on demand: true" "$ca_selftest_show_output" + rlAssertNotGrep " Critical on demand: true" "$ca_selftest_show_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ca-selftest-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "CA subsystem is not installed" + rlPhaseEnd +fi +} 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli.sh b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli.sh
new file mode 100755
index 000000000..2f7e89f72
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-selftest
+# Description: pki ca selftest tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki key cli commands needs to be tested:
+# pki-ca-selftest --help
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-ca-selftest_tests()
+{
+ rlPhaseStartSetup "Create Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki ca-selftest --help Test: Show all the options of pki ca-selftest"
+ local temp_out="$TmpDir/pki_ca_selftest"
+ rlLog "Executing pki ca-selftest --help"
+ rlRun "pki ca-selftest --help 1> $temp_out" 0 "pki ca-selftest --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep " ca-selftest-find Find selftests" "$temp_out"
+ rlAssertGrep " ca-selftest-run Run selftests" "$temp_out"
+ rlAssertGrep " ca-selftest-show Show selftest" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest-001: pki ca-selftest with characters should return invalid module"
+ local temp_out1="$TmpDir/pki_ca_selftest001"
+ local rand=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ rlLog "Executing pki ca-selftest \"$junk\" characters"
+ rlRun "pki ca-selftest \"$junk\" 2> $temp_out1" 1,255 "Command pki ca-selftest with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki ca-selftest cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-admin.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-admin.sh
new file mode 100755
index 000000000..39867412a
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-admin.sh
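Review bot: In phase pki_ca_selftest-001 of pki-ca-selftest-cli.sh the random string is stored in `rand`, but the log line and the command both expand `$junk`, which this function never sets. Unless one of the sourced environment files defines `junk`, the test runs `pki ca-selftest ""` and never sends the random input it claims to exercise. Assign the value to the name that is used, `local junk=$(openssl rand -base64 50 | perl -p -e 's/\n//')`, or expand `$rand` in the `rlLog` and `rlRun` lines. As written, the "Error: Invalid module" assertion only covers the empty-argument case, so a change in how the CLI rejects unexpected module names would go unnoticed.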
@@ -0,0 +1,218 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-selftest-cli
+#
+# Description: PKI KRA SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki kra-selftest cli commands needs to be tested:
+# pki kra-selftest-admin
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-kra-selftest-admin_tests()
+{
+ # Local Variables
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for pki kra-selftest-admin
+ rlPhaseStartSetup "pki kra-selftest-admin Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+ kra_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$KRA_INST
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$cs_Role" = "MASTER" ] ; then
+ prefix=KRA3
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$cs_Role
+ kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$kra_instance_created" = "TRUE" ] ; then
+
+ local tomcat_name=$(eval echo \$${KRA_INST}_TOMCAT_INSTANCE_NAME)
+ local target_secure_port=$(eval echo \$${KRA_INST}_SECURE_PORT)
+ local tmp_kra_agent=$KRA_INST\_agentV
+ local tmp_kra_admin=$KRA_INST\_adminV
+ local tmp_kra_port=$(eval echo \$${KRA_INST}_UNSECURE_PORT)
+ local tmp_kra_host=$(eval echo \$${cs_Role})
+ local valid_agent_cert=$KRA_INST\_agentV
+ local valid_audit_cert=$KRA_INST\_auditV
+ local valid_operator_cert=$KRA_INST\_operatorV
+ local valid_admin_cert=$KRA_INST\_adminV
+ local revoked_agent_cert=$KRA_INST\_agentR
+ local revoked_admin_cert=$KRA_INST\_adminR
+ local expired_admin_cert=$KRA_INST\_adminE
+ local expired_agent_cert=$KRA_INST\_agentE
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local exp="$TmpDir/expfile.out"
+ local expout="$TmpDir/exp_out"
+ local cert_info="$TmpDir/cert_info"
+ local kra_selftest_show_output=$TmpDir/kra-selftest-admin.out
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ ### Config file
+ local kra_config_file="/var/lib/pki/$tomcat_name/kra/conf/CS.cfg"
+ local kra_db="/var/lib/pki/$tomcat_name/kra/alias/"
+ local kra_cert_list="transport,storage,sslserver,subsystem,audit_signing"
+ local kra_transport_nick=$(cat $kra_config_file | grep kra.transport.nickname | cut -d= -f2)
+ local kra_storage_nick=$(cat $kra_config_file | grep kra.storage.nickname | cut -d= -f2)
+ local kra_sslserver_nick=$(cat $kra_config_file | grep kra.sslserver.nickname | cut -d= -f2)
+ local kra_subsystem_nick=$(cat $kra_config_file | grep kra.subsystem.nickname | cut -d= -f2)
+ local kra_audit_nick=$(cat $kra_config_file | grep kra.audit_signing.nickname | cut -d= -f2)
+ local kra_token=$(cat $kra_config_file | grep kra.transport.tokenname | cut -d= -f2)
+ local kra_token_internal_passwd=$(cat /var/lib/pki/$tomcat_name/conf/password.conf | grep internal | cut -d= -f2)
+ local kra_hsm_passwd=$(cat /var/lib/pki/$tomcat_name/conf/password.conf | grep internal | cut -d= -f2)
+ local kra_token=$(cat $kra_config_file | grep kra.transport.tokenname | cut -d= -f2)
+ local signed_kra_audit_log="/var/log/pki/$tomcat_name/kra/signedAudit/kra_cert-kra_audit"
+ local selftest_log="/var/log/pki/$tomcat_name/kra/selftests.log"
+ local selftest_system_verification=$(cat $kra_config_file | grep selftests.container.order.startup | cut -d= -f2)
+
+ rlPhaseStartSetup "Take backup of tomcatjss xml"
+ local tomcat_jss_xml_dir="/etc/pki/$tomcat_name/Catalina/localhost"
+ local tomcat_jss_xml_backup_dir="$TmpDir/tomcat_jss_backup"
+ rlLog "Take backup of $tomcat_jss_xml_dir Directory"
+ rlRun "cp -a $tomcat_jss_xml_dir $TmpDir/tomcat_jss_backup"
+ rlPhaseEnd
+
+ rlPhaseStartTest "Restart DRM subsystem and make sure self tests executed successfully when self tests for system certs verification categorized as \"critical\" has valid system certificates."
+ local kra_cert_list_exist=$(cat $kra_config_file | grep ^kra.cert.list | cut -d= -f2)
+ rlLog "Verify if configuration file exists"
+ rlAssertExists "$kra_config_file"
+ rlAssertEquals "Verify $kra_config_file has list of system certificates parameter" "$kra_cert_list" "$kra_cert_list_exist"
+ if [ "$kra_token" = "Internal Key Storage Token" ]; then
+ rlRun "certutil -L -d $kra_db -n \"$kra_transport_nick\" > $TmpDir/cert.out" 0 "Verifying if transport cert exists in certificate db"
+ rlRun "certutil -L -d $kra_db -n \"$kra_storage_nick\" > $TmpDir/cert.out" 0 "Verifying if storage cert exists in certificate db"
+ rlRun "certutil -L -d $kra_db -n \"$kra_sslserver_nick\" > $TmpDir/cert.out" 0 "Verifying if sslserver cert exists in certificate db"
+ rlRun "certutil -L -d $kra_db -n \"$kra_subsystem_nick\" > $TmpDir/cert.out" 0 "Verifying if audit_signing cert exists in certificate db"
+ elif [ "$kra_token" = "NHSM6000" ]; then
+ rlRun "echo $kra_hsm_passwd > $TmpDir/hsm_passwd" 0 "Save hsm passwd in a file"
+ rlRun "certutil -L -d $kra_db -h $kra_token -f $TmpDir/hsm_passwd -n \"$kra_transport_nick\" > $TmpDir/cert.out" 0 "Verifying if transport cert exists in certificate db"
+ rlRun "certutil -L -d $kra_db -h $kra_token -f $TmpDir/hsm_passwd -n \"$kra_storage_nick\" > $TmpDir/cert.out" 0 "Verifying if storage cert exists in certificate db"
+ rlRun "certutil -L -d $kra_db -h $kra_token -f $TmpDir/hsm_passwd -n \"$kra_sslserver_nick\" > $TmpDir/cert.out" 0 "Verifying if sslserver cert exists in certificate db"
+ rlRun "certutil -L -d $kra_db -h $kra_token -f $TmpDir/hsm_passwd -n \"$kra_subsystem_nick\" > $TmpDir/cert.out" 0 "Verifying if audit_signing cert exists in certificate db"
+ fi
+ rlLog "Restart $tomcat_name instance"
+
+ local cur_date=$(date +%d/%b/%Y:%H:%M)
+ rhcs_stop_instance $tomcat_name
+ rlLog "Empty the current signed kra audit log and selftest log"
+ rlRun "echo > $signed_kra_audit_log"
+ rlRun "echo > $selftest_log"
+ rhcs_start_instance $tomcat_name
+ rlRun "sleep 30" 0 "Sleep 30 seconds so that selftest.log is updated"
+ rlAssertGrep "All CRITICAL self test plugins ran SUCCESSFULLY at startup!" "$selftest_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_transport_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_storage_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_sslserver_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_subsystem_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlRun "tail -n 10 $signed_kra_audit_log | grep \"AuditEvent=SELFTESTS_EXECUTION\" > $TmpDir/kra-signed-audit.log" 0,1 "Get the current signed audit log"
+ rlAssertGrep "Outcome=Success" "$TmpDir/kra-signed-audit.log"
+ rlPhaseEnd
+
+ rlPhaseStartTest "DRM fails to start when an in-correct (bogus) nickname is provided for a certificate categorized as \"critical\" for the selftest."
+ local cur_date_time=$(date +%d-%b-%Y:%H:%M)
+ local kra_config_file_backup="/var/lib/pki/$tomcat_name/kra/conf/CS.cfg-$cur_date_time"
+ local kra_storage_bogus_nick="Bogus-kraStorage"
+ rlLog "Backup existing kra CS.cfg"
+ rlRun "/usr/bin/cp $kra_config_file -f $kra_config_file_backup" 0 "Backup current CS.cfg"
+ rlLog "Stop $tomcat_name"
+ rlLog "Empty the current signed kra audit log"
+ rlRun "echo > $signed_kra_audit_log"
+ rhcs_stop_instance $tomcat_name
+ rlRun "sed -i s/"$kra_storage_nick"/"$kra_storage_bogus_nick"/ $kra_config_file"
+ local cur_date=$(date +%d/%b/%Y:%H:%M)
+ rhcs_start_instance $tomcat_name
+ rlAssertGrep "\[AuditEvent=SELFTESTS_EXECUTION\]\[SubjectID=\$System$\]\[Outcome=Failure\]" "$signed_kra_audit_log"
+ rlLog "Stop $tomcat_name"
+ rhcs_stop_instance $tomcat_name
+ rlLog "Revert the changes back to CS.cfg"
+ rlRun "/usr/bin/cp $kra_config_file_backup -f $kra_config_file" 0 "Revert back the changes done to CS.cfg"
+ rlLog "Remove the backup file"
+ rlRun "rm -f $kra_config_file_backup"
+ rhcs_start_instance $tomcat_name
+ rlLog "CS9 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1221013"
+ rlPhaseEnd
+
+ rlPhaseStartTest "DRM should start successfully when an in-correct (bogus) nickname is provided for a certificate categorized as \"non-critical\" for the selftest."
+ local cur_date_time=$(date +%d-%b-%Y:%H:%M)
+ local kra_config_file_backup="/var/lib/pki/$tomcat_name/kra/conf/CS.cfg-$cur_date_time"
+ local selftest_system_verification_change="SystemCertsVerification:non-critical"
+ rlLog "Backup existing kra CS.cfg"
+ local kra_storage_bogus_nick="Bogus-kraStorage"
+ rlRun "/usr/bin/cp $kra_config_file -f $kra_config_file_backup" 0 "Backup current CS.cfg"
+ rlLog "Stop $tomcat_name"
+ rlLog "Empty the current signed kra audit log"
+ rlRun "echo > $signed_kra_audit_log"
+ rhcs_stop_instance $tomcat_name
+ rlLog "Edit selftest with system cert verification as non-critical"
+ rlRun "sed -i s/"$selftest_system_verification"/"$selftest_system_verification_change"/ $kra_config_file"
+ rlRun "sed -i s/"$kra_storage_nick"/"$kra_storage_bogus_nick"/ $kra_config_file"
+ local cur_date=$(date +%d/%b/%Y:%H:%M)
+ rhcs_start_instance $tomcat_name
+ rlRun "sleep 30" 0 "Sleep 30 seconds so that audit log is updated"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_transport_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Failure\]\[CertNickName=$kra_storage_bogus_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_sslserver_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=CIMC_CERT_VERIFICATION\]\[SubjectID=\$System\$\]\[Outcome=Success\]\[CertNickName=$kra_subsystem_nick\] CIMC certificate verification" "$signed_kra_audit_log"
+ rlAssertGrep "\[AuditEvent=SELFTESTS_EXECUTION\]\[SubjectID=\$System$\]\[Outcome=Success\]" "$signed_kra_audit_log"
+ rlLog "Stop $tomcat_name"
+ rhcs_stop_instance $tomcat_name
+ rlLog "Revert the changes back to CS.cfg"
+ rlRun "/usr/bin/cp $kra_config_file_backup -f $kra_config_file" 0 "Revert back the changes done to CS.cfg"
+ rlLog "Remove the backup file"
+ rlRun "rm -f $kra_config_file_backup"
+ rhcs_start_instance $tomcat_name
+ rlLog "CS9 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1221013"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki kra-selftest-admin cleanup: Restore tomcatjss xml and delete temp dir"
+ rlLog "Restore kra.xml from $tomcat_jss_xml_backup_dir"
+ rlRun "cp -a $TmpDir/tomcat_jss_backup/kra.xml $tomcat_jss_xml_dir/kra.xml" 0 "Copy kra.xml"
+ rlLog "Restart $tomcat_name instance"
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+
+else
+ rlLog "KRA Instance is not installed"
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-find.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-find.sh
new file mode 100755
index 000000000..3e9833cb5
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-find.sh
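Review bot: In pki-kra-selftest-admin.sh, `kra_hsm_passwd` is read with the same `grep internal` pipeline as `kra_token_internal_passwd`, so the `NHSM6000` branch hands certutil the internal token password rather than an HSM one. If password.conf keeps the HSM password under its own key (Dogtag normally uses `hardware-<token>`), read that key instead, for example `grep "^hardware-$kra_token=" /var/lib/pki/$tomcat_name/conf/password.conf | cut -d= -f2`. The same branch saves the secret with `rlRun "echo $kra_hsm_passwd > $TmpDir/hsm_passwd"`, which expands the password into the command string that rlRun may record in the test journal. Writing the file outside rlRun with `printf '%s\n' "$kra_hsm_passwd" > "$TmpDir/hsm_passwd"` keeps the value out of logged command text. Separately, the fourth certutil check in both branches is labelled audit_signing but passes `$kra_subsystem_nick`, so `kra_audit_nick` is assigned and never verified.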
@@ -0,0 +1,383 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-selftest-cli +# +# Description: PKI KRA SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki ca-selftest cli commands needs to be tested: +# pki kra-selftest-find +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-kra-selftest-find_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki kra-selftest-find + rlPhaseStartSetup "pki kra-selftest-find Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + kra_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$KRA_INST + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=KRA3 + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$kra_instance_created" = "TRUE" ] ; then + + local target_secure_port=$(eval echo \$${KRA_INST}_SECURE_PORT) + local tmp_ca_agent=$KRA_INST\_agentV + local tmp_ca_admin=$KRA_INST\_adminV + local tmp_kra_port=$(eval echo \$${KRA_INST}_UNSECURE_PORT) + local tmp_kra_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$KRA_INST\_agentV + local valid_audit_cert=$KRA_INST\_auditV + local valid_operator_cert=$KRA_INST\_operatorV + local valid_admin_cert=$KRA_INST\_adminV + local revoked_agent_cert=$KRA_INST\_agentR + local revoked_admin_cert=$KRA_INST\_adminR + local expired_admin_cert=$KRA_INST\_adminE + local expired_agent_cert=$KRA_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local kra_selftest_find_output=$TmpDir/kra-selftest-find.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki kra-selftest-find + rlPhaseStartTest "pki_kra_selftest_find-configtest: pki kra-selftest-find --help configuration test" + rlRun "pki 
kra-selftest-find --help > $kra_selftest_find_output" 0 "pki kra-selftest-find --help" + rlAssertGrep "usage: kra-selftest-find \[FILTER\] \[OPTIONS...\]" "$kra_selftest_find_output" + rlAssertGrep " --help Show help options" "$kra_selftest_find_output" + rlAssertGrep " --size Page size" "$kra_selftest_find_output" + rlAssertGrep " --start Page start" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-001: find all the existing selftests for CA using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $valid_admin_cert" + rlAssertGrep "1 entries matched" "$kra_selftest_find_output" + rlAssertGrep " SelfTest ID: KRAPresence" "$kra_selftest_find_output" + rlAssertGrep " Enabled at startup: false" "$kra_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$kra_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-002: verifying all kra selftests cannot be found by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + kra-selftest-find 2> $kra_selftest_find_output" 1,255 "Find all the KRA Selftest using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_find_output" + rlPhaseEnd 
+ + rlPhaseStartTest "pki_kra_selftest_find-003: verifying all kra selftests cannot be found by operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-find 2> $kra_selftest_find_output" 1,255 "Find all the KRA Selftest using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-004: verifying all kra selftests cannot be found by audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-find 2> $kra_selftest_find_output" 1,255 "Find all the KRA Selftest using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-005: verifying all kra selftests cannot be found by Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_admin_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_admin_cert\" \ + kra-selftest-find > $kra_selftest_find_output 2>&1" 1,255 "Find all the KRA Selftest using $revoked_admin_cert" + rlAssertGrep "PKIException: 
Unauthorized" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-006: verifying all kra selftests cannot be found by Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_agent_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_agent_cert\" \ + kra-selftest-find > $kra_selftest_find_output 2>&1" 1,255 "Find all the KRA Selftest using $revoked_agent_cert" + rlAssertGrep "PKIException: Unauthorized" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-007: verifying all kra selftests cannot be found by Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_agent_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_agent_cert\" \ + kra-selftest-find > $kra_selftest_find_output 2>&1" 1,255 "Find all the KRA Selftest using $expired_agent_cert" + 
rlAssertGrep "ProcessingException: Unable to invoke request" "$kra_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-008: verifying all kra selftests cannot be found by Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_admin_cert\" \ + kra-selftest-find > $kra_selftest_find_output" 0 "Find all the KRA Selftest using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_admin_cert\" \ + kra-selftest-find > $kra_selftest_find_output 2>&1" 1,255 "Find all the KRA Selftest using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$kra_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting 
system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-009: verify when --size 1 is specified only 1 KRA selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size 1 > $kra_selftest_find_output" 0 "Run pki kra-selftest-find --size 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size 1 1> $kra_selftest_find_output" 0 "Run pki kra-selftest-find --size 1" + rlAssertGrep "1 entries matched" "$kra_selftest_find_output" + rlAssertGrep " SelfTest ID: KRAPresence" "$kra_selftest_find_output" + rlAssertGrep " Enabled at startup: false" "$kra_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$kra_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$kra_selftest_find_output" + rlPhaseEnd + + + rlPhaseStart "pki_kra_selftest_find-0010: verify when value given in --size is more than 3 display all the selftests" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size 100 > $kra_selftest_find_output" 0 "Run pki kra-selftest-find --size 100" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size 100 > $kra_selftest_find_output" 0 "Run pki kra-selftest-find --size 100" + rlAssertGrep "1 entries matched" "$kra_selftest_find_output" + rlAssertGrep " SelfTest ID: KRAPresence" "$kra_selftest_find_output" + rlAssertGrep " Enabled at startup: false" "$kra_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$kra_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-0011: verify when value given 
in --size is junk no results are returned" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size adafdafds > $kra_selftest_find_output" 0 "Run pki kra-selftest-find --size adafdafds" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size adafdafds > $kra_selftest_find_output 2>&1" 1,255 "Run pki kra-selftest-find --size adafdafds" + rlAssertGrep "NumberFormatException: For input string: \"adafdafds\"" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-0012: verify when no value with --size command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size > $kra_selftest_find_output 2>&1" 1,255 "No value is passed to pki kra-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size > $kra_selftest_find_output 2>&1" 1,255 "No value is passed to pki kra-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: size" "$kra_selftest_find_output" + rlAssertGrep "usage: kra-selftest-find \[FILTER\] \[OPTIONS...\]" "$kra_selftest_find_output" + rlAssertGrep " --help Show help options" "$kra_selftest_find_output" + rlAssertGrep " --size Page size" "$kra_selftest_find_output" + rlAssertGrep " --start Page start" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-0013: verify when --size 1 and --start 1 is specified only 1 KRA selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size 1 --start 1 > $kra_selftest_find_output" 0 "Run pki 
kra-selftest-find --size 1 --start 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --size 1 --start 0 > $kra_selftest_find_output" 0 "Run pki kra-selftest-find --size 1 --start 1" + rlAssertGrep "1 entries matched" "$kra_selftest_find_output" + rlAssertGrep " SelfTest ID: KRAPresence" "$kra_selftest_find_output" + rlAssertGrep " Enabled at startup: false" "$kra_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$kra_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$kra_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_find-0014: verify when no value with --start command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --start > $kra_selftest_find_output 2>&1" 1,255 "No value is passed to pki kra-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-find --start > $kra_selftest_find_output 2>&1" 1,255 "No value is passed to pki kra-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: start" "$kra_selftest_find_output" + rlAssertGrep "usage: kra-selftest-find \[FILTER\] \[OPTIONS...\]" "$kra_selftest_find_output" + rlAssertGrep " --help Show help options" "$kra_selftest_find_output" + rlAssertGrep " --size Page size" "$kra_selftest_find_output" + rlAssertGrep " --start Page start" "$kra_selftest_find_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki kra-selftest-find cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "KRA subsystem is not installed" + rlPhaseEnd +fi +} 
diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-run.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-run.sh
new file mode 100755
index 000000000..1b8a9a1ec
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-run.sh
@@ -0,0 +1,281 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-selftest-cli +# +# Description: PKI KRA SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki ca-selftest cli commands needs to be tested: +# pki kra-selftest-run +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-kra-selftest-run_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki kra-selftest-run + rlPhaseStartSetup "pki kra-selftest-run Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + kra_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$KRA_INST + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=KRA3 + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$kra_instance_created" = "TRUE" ] ; then + + local target_secure_port=$(eval echo \$${KRA_INST}_SECURE_PORT) + local tmp_ca_agent=$KRA_INST\_agentV + local tmp_ca_admin=$KRA_INST\_adminV + local tmp_kra_port=$(eval echo \$${KRA_INST}_UNSECURE_PORT) + local tmp_kra_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$KRA_INST\_agentV + local valid_audit_cert=$KRA_INST\_auditV + local valid_operator_cert=$KRA_INST\_operatorV + local valid_admin_cert=$KRA_INST\_adminV + local revoked_agent_cert=$KRA_INST\_agentR + local revoked_admin_cert=$KRA_INST\_adminR + local expired_admin_cert=$KRA_INST\_adminE + local expired_agent_cert=$KRA_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local kra_selftest_run_output=$TmpDir/kra-selftest-run.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki kra-selftest-run + rlPhaseStartTest "pki_kra_selftest_run-configtest: pki kra-selftest-run --help configuration test" + rlRun "pki 
kra-selftest-run --help > $kra_selftest_run_output" 0 "pki kra-selftest-run --help" + rlAssertGrep "usage: kra-selftest-run \[OPTIONS...\]" "$kra_selftest_run_output" + rlAssertGrep " --help Show help options" "$kra_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-001: Run CA Selftest using admin cert and verify ca subsystem is up" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $valid_admin_cert" + rlAssertGrep "Selftests completed" "$kra_selftest_run_output" + rlLog "Verify ca instance is running" + rlRun "systemctl status pki-tomcatd@$(eval echo \$${KRA_INST}_TOMCAT_INSTANCE_NAME) 1> $TmpDir/systemctl.out" + rlAssertGrep "Active: active (running)" "$TmpDir/systemctl.out" + rlLog "Ascertain by running pki key-generate command if kra instance is responding" + local rand=$RANDOM + local client_id=temp$rand + local algo=AES + local key_size=192 + local usages=unwrap + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + key-generate $client_id \ + --key-algorithm $algo \ + --key-size $key_size \ + --usages $usages > $TmpDir/key-generate.out" 0 "Execute pki key-generate to verify if kra instance is responding" + rlAssertGrep "Key generation request info" "$TmpDir/key-generate.out" + rlAssertGrep " Type: symkeyGenReques" "$TmpDir/key-generate.out" + rlAssertGrep " Status: complete" "$TmpDir/key-generate.out" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-002: Verify ca selftests cannot be run by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + kra-selftest-run 2> $kra_selftest_run_output" 1,255 "Execute pki kra-selftest-run as $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-003: Verify ca selftests cannot be run operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-run 2> $kra_selftest_run_output" 1,255 "Execute pki kra-selftest-run as $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-004: Verify ca selftests cannot be run audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-run 2> $kra_selftest_run_output" 1,255 "Execute pki kra-selftest-run as $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-005: Verify ca selftests cannot be run Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_admin_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_admin_cert\" \ + kra-selftest-run 2> $kra_selftest_run_output" 1,255 "Execute pki kra-selftest-run as $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$kra_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-006: Verify ca selftests cannot be run Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_agent_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_agent_cert\" \ + kra-selftest-run 2> $kra_selftest_run_output" 1,255 "Execute pki kra-selftest-run as $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-007: Verify ca selftests cannot be run Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host 
\ + -p $tmp_kra_port \ + -n \"$expired_agent_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_agent_cert\" \ + kra-selftest-run > $kra_selftest_run_output 2>&1" 1,255 "Execute pki kra-selftest-run as $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$kra_selftest_run_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_run-008: Verify ca selftests cannot be run Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_admin_cert\" \ + kra-selftest-run > $kra_selftest_run_output" 0 "Execute pki kra-selftest-run as $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_admin_cert\" \ + kra-selftest-run > $kra_selftest_run_output 2>&1" 1,255 "Execute pki 
kra-selftest-run as $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$kra_selftest_run_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd +else + rlPhaseStartCleanup "pki kra-selftest-run cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "KRA Subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-show.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-show.sh new file mode 100755 index 000000000..a512c621e --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-show.sh 
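Review bot: pki_kra_selftest_run-004 is labelled as the audit-cert case, but both its rlLog and its rlRun pass `-n \"$valid_operator_cert\"`, so the auditor role is never exercised and the phase only repeats run-003. The nickname line should read `-n \"$valid_audit_cert\" \`, matching the `$valid_audit_cert` that the phase already uses in its description string. The same copy-paste is present in pki_kra_selftest_show-005 in pki-kra-selftest-cli-show.sh and in pki_kra_selftest_find-004 in pki-kra-selftest-cli-find.sh. As written, a regression that let an auditor certificate run or read KRA self-tests would not be caught by any of the three suites.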
@@ -0,0 +1,325 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-selftest-cli +# +# Description: PKI KRA SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki kra-selftest cli commands needs to be tested: +# pki kra-selftest-show +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-kra-selftest-show_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki kra-selftest-show + rlPhaseStartSetup "pki kra-selftest-show Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2) + kra_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$KRA_INST + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=KRA3 + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + kra_instance_created=$(eval echo \$${KRA_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$kra_instance_created" = "TRUE" ] ; then + local target_secure_port=$(eval echo \$${KRA_INST}_SECURE_PORT) + local tmp_ca_agent=$KRA_INST\_agentV + local tmp_ca_admin=$KRA_INST\_adminV + local tmp_kra_port=$(eval echo \$${KRA_INST}_UNSECURE_PORT) + local tmp_kra_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$KRA_INST\_agentV + local valid_audit_cert=$KRA_INST\_auditV + local valid_operator_cert=$KRA_INST\_operatorV + local valid_admin_cert=$KRA_INST\_adminV + local revoked_agent_cert=$KRA_INST\_agentR + local revoked_admin_cert=$KRA_INST\_adminR + local expired_admin_cert=$KRA_INST\_adminE + local expired_agent_cert=$KRA_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local kra_selftest_show_output=$TmpDir/kra-selftest-show.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki kra-selftest-show + rlPhaseStartTest "pki_kra_selftest_show-configtest: pki kra-selftest-show --help configuration test" + rlRun "pki 
kra-selftest-show --help > $kra_selftest_show_output" 0 "pki kra-selftest-show --help" + rlAssertGrep "usage: kra-selftest-show \[OPTIONS...\]" "$kra_selftest_show_output" + rlAssertGrep " --help Show help options" "$kra_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-001: Show KRAPresence selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence Selftest" + rlAssertGrep "SelfTest \"KRAPresence\"" "$kra_selftest_show_output" + rlAssertGrep " SelfTest ID: KRAPresence" "$kra_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$kra_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$kra_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$kra_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_kra_selftest_show-002: Copy KRAPresence selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show KRAPresence --output $TmpDir/KRAPresence > $kra_selftest_show_output" 0 "Save KRAPresence Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show KRAPresence --output $TmpDir/KRAPresence > $kra_selftest_show_output" 0 "Save KRAPresence Selftest to a file" + rlAssertGrep "Stored selfTest \"KRAPresence\" into $TmpDir/KRAPresence" "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest 
"pki_kra_selftest_show-003: verify KRAPresence selftest properties cannot be shown using agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_agent_cert\" \ + kra-selftest-show KRAPresence 2> $kra_selftest_show_output" 1,255 "Show KRAPresence selftest property using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-004: verify KRAPresence selftest properties cannot be shown using operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-show KRAPresence 2> $kra_selftest_show_output" 1,255 "Show KRAPresence selftest property using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-005: verify KRAPresence selftest properties cannot be shown using audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_operator_cert\" \ + kra-selftest-show KRAPresence 
2> $kra_selftest_show_output" 1,255 "Show KRAPresence selftest property using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-006: verify KRAPresence selftest properties cannot be shown using revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_admin_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_admin_cert\" \ + kra-selftest-show KRAPresence 2> $kra_selftest_show_output" 1,255 "Show KRAPresence selftest property using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-007: verify KRAPresence selftest properties cannot be shown using revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_agent_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$revoked_agent_cert\" \ + kra-selftest-show KRAPresence 2> $kra_selftest_show_output" 1,255 "Show KRAPresence selftest property using $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-008: verify KRAPresence selftest properties cannot be shown using Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: 
$(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_agent_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_agent_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output 2>&1" 1,255 "Show KRAPresence selftest property using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$kra_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-009: verify KRAPresence selftest properties cannot be shown using Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 
'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_admin_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output" 0 "Show KRAPresence selftest property using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$expired_admin_cert\" \ + kra-selftest-show KRAPresence > $kra_selftest_show_output 2>&1" 1,255 "Show KRAPresence selftest property using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$kra_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-0010: verify when no valid selftestID is provided pki kra-selftest-show show show proper help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show > $kra_selftest_show_output" 0 "Do not pass any selftestId" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show > $kra_selftest_show_output 2>&1" 255,1 "Do not pass any selftestId" + rlAssertGrep "Error: No SelfTest ID specified." "$kra_selftest_show_output" + rlAssertGrep "usage: kra-selftest-show \[OPTIONS...\]" "$kra_selftest_show_output" + rlAssertGrep " --help Show help options" "$kra_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." 
"$kra_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_kra_selftest_show-0011: verify when junk/invalid selftestid is provided, no valid selftest ID properties should be shown" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show \"asdfasdf\" > $kra_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki kra-selftest-show" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_kra_host \ + -p $tmp_kra_port \ + -n \"$valid_admin_cert\" \ + kra-selftest-show \"asdfasdf\" > $kra_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki kra-selftest-show" + rlAssertGrep "SelfTest \"asdfasdf\"" "$kra_selftest_show_output" + rlAssertGrep " SelfTest ID: asdfasdf" "$kra_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$kra_selftest_show_output" + rlAssertGrep " Enabled on demand: false" "$kra_selftest_show_output" + rlAssertNotGrep " SelfTest \"KRAPresence\"" "$kra_selftest_show_output" + rlAssertNotGrep " SelfTest ID: KRAPresence" "$kra_selftest_show_output" + rlAssertNotGrep " Enabled at startup: true" "$kra_selftest_show_output" + rlAssertNotGrep " Critical at startup: true" "$kra_selftest_show_output" + rlAssertNotGrep " Enabled on demand: true" "$kra_selftest_show_output" + rlAssertNotGrep " Critical on demand: true" "$kra_selftest_show_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki kra-selftest-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "KRA Subsysem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli.sh b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli.sh new file mode 100755 index 000000000..c326c3480 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli.sh 
@@ -0,0 +1,66 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-kra-selftest
+# Description: pki kra selftest tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-kra-selftest_tests()
+{
+ rlPhaseStartSetup "Create Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki kra-selftest --help Test: Show all the options of pki kra-selftest"
+ local temp_out="$TmpDir/pki_ca_selftest"
+ rlLog "Executing pki kra-selftest --help"
+ rlRun "pki kra-selftest --help 1> $temp_out" 0 "pki kra-selftest --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep " kra-selftest-find Find selftests" "$temp_out"
+ rlAssertGrep " kra-selftest-run Run selftests" "$temp_out"
+ rlAssertGrep " kra-selftest-show Show selftest" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_kra_selftest-001: pki kra-selftest with characters should return invalid module"
+ local temp_out1="$TmpDir/pki_kra_selftest001"
+ local rand=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ rlLog "Executing pki kra-selftest \"$junk\" characters"
+ rlRun "pki kra-selftest \"$junk\" 2> $temp_out1" 1,255 "Command pki kra-selftest with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki kra-selftest cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-find.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-find.sh
new file mode 100755
index 000000000..a27c4b8b1
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-find.sh
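Review bot: In pki_kra_selftest-001 the random string is assigned to `rand`, but the `rlLog` and `rlRun` lines expand `$junk`, which this file never sets; unless one of the sourced environment files happens to define it, the command under test becomes `pki kra-selftest ""` and the junk-input case is not exercised. Assign the value to the name that is actually used: `local junk=$(openssl rand -base64 50 | perl -p -e 's/\n//')`. The help test also writes to `$TmpDir/pki_ca_selftest`, which looks like a leftover from the CA script; `$TmpDir/pki_kra_selftest` would match the rest of the file.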
@@ -0,0 +1,407 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-selftest-cli
+#
+# Description: PKI OCSP SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki ocsp-selftest cli commands needs to be tested:
+# pki ocsp-selftest-find
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-ocsp-selftest-find_tests()
+{
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for pki ocsp-selftest-find
+ rlPhaseStartSetup "pki ocsp-selftest-find Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Loocspl Variables
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2)
+ ocsp_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$OCSP_INST
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$cs_Role" = "MASTER" ] ; then
+ prefix=OCSP3
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$cs_Role
+ ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$ocsp_instance_created" = "TRUE" ] ; then
+ local target_secure_port=$(eval echo \$${OCSP_INST}_SECURE_PORT)
+ local tmp_ocsp_agent=$OCSP_INST\_agentV
+ local tmp_ocsp_admin=$OCSP_INST\_adminV
+ local tmp_ocsp_port=$(eval echo \$${OCSP_INST}_UNSECURE_PORT)
+ local tmp_ocsp_host=$(eval echo \$${cs_Role})
+ local valid_agent_cert=$OCSP_INST\_agentV
+ local valid_audit_cert=$OCSP_INST\_auditV
+ local valid_operator_cert=$OCSP_INST\_operatorV
+ local valid_admin_cert=$OCSP_INST\_adminV
+ local revoked_agent_cert=$OCSP_INST\_agentR
+ local revoked_admin_cert=$OCSP_INST\_adminR
+ local expired_admin_cert=$OCSP_INST\_adminE
+ local expired_agent_cert=$OCSP_INST\_agentE
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local exp="$TmpDir/expfile.out"
+ local expout="$TmpDir/exp_out"
+ local cert_info="$TmpDir/cert_info"
+ local ocsp_selftest_find_output=$TmpDir/ocsp-selftest-find.out
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+
+
+ # Config test for pki ocsp-selftest-find
+ rlPhaseStartTest "pki_ocsp_selftest_find-configtest: pki ocsp-selftest-find 
--help configuration test" + rlRun "pki ocsp-selftest-find --help > $ocsp_selftest_find_output" 0 "pki ocsp-selftest-find --help" + rlAssertGrep "usage: ocsp-selftest-find \[FILTER\] \[OPTIONS...\]" "$ocsp_selftest_find_output" + rlAssertGrep " --help Show help options" "$ocsp_selftest_find_output" + rlAssertGrep " --size Page size" "$ocsp_selftest_find_output" + rlAssertGrep " --start Page start" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find_find-001: find all the existing selftests for OCSP using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $valid_admin_cert" + rlAssertGrep "3 entries matched" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: OCSPPresence" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: OCSPValidity" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled 
on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-002: verifying all ocsp selftests cannot be found by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_agent_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_agent_cert\" \ + ocsp-selftest-find 2> $ocsp_selftest_find_output" 1,255 "Find all the OCSP Selftest using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-003: verifying all ocsp selftests cannot be found by operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-find 2> $ocsp_selftest_find_output" 1,255 "Find all the OCSP Selftest using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-004: verifying all ocsp selftests cannot be found by audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n 
\"$valid_operator_cert\" \ + ocsp-selftest-find 2> $ocsp_selftest_find_output" 1,255 "Find all the OCSP Selftest using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-005: verifying all ocsp selftests cannot be found by Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_admin_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_admin_cert\" \ + ocsp-selftest-find 2> $ocsp_selftest_find_output" 1,255 "Find all the OCSP Selftest using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-006: verifying all ocsp selftests cannot be found by Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_agent_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_agent_cert\" \ + ocsp-selftest-find 2> $ocsp_selftest_find_output" 1,255 "Find all the OCSP Selftest using $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-007: verifying all ocsp selftests cannot be found by Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying 
using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_agent_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_agent_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output 2>&1" 1,255 "Find all the OCSP Selftest using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ocsp_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-008: verifying all ocsp selftests cannot be found by Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" 
"$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_admin_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output" 0 "Find all the OCSP Selftest using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_admin_cert\" \ + ocsp-selftest-find > $ocsp_selftest_find_output 2>&1" 1,255 "Find all the OCSP Selftest using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ocsp_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-009: verify when --size 1 is specified only 1 OCSP selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size 1 > $ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size 1 1> $ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size 1" + rlAssertGrep "3 entries matched" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: OCSPPresence" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_find_output" + rlPhaseEnd + + + 
rlPhaseStartTest "pki_ocsp_selftest_find-0010: verify when value given in --size is more than 3 display all the selftests" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size 100 > $ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size 100" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size 100 > $ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size 100" + rlAssertGrep "3 entries matched" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: OCSPPresence" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: OCSPValidity" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-0011: verify when value given in --size is junk no results are returned" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size adafdafds > 
$ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size adafdafds" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size adafdafds > $ocsp_selftest_find_output 2>&1" 1,255 "Run pki ocsp-selftest-find --size adafdafds" + rlAssertGrep "NumberFormatException: For input string: \"adafdafds\"" "$ocsp_selftest_find_output" + rlAssertGroup + PhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-0012: verify when no value with --size command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size > $ocsp_selftest_find_output 2>&1" 1,255 "No value is passed to pki ocsp-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size > $ocsp_selftest_find_output 2>&1" 1,255 "No value is passed to pki ocsp-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: size" "$ocsp_selftest_find_output" + rlAssertGrep "usage: ocsp-selftest-find \[FILTER\] \[OPTIONS...\]" "$ocsp_selftest_find_output" + rlAssertGrep " --help Show help options" "$ocsp_selftest_find_output" + rlAssertGrep " --size Page size" "$ocsp_selftest_find_output" + rlAssertGrep " --start Page start" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-0013: verify when --size 1 and --start 1 is specified only 1 OCSP selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --size 1 --start 1 > $ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size 1 --start 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" 
\ + ocsp-selftest-find --size 1 --start 1 > $ocsp_selftest_find_output" 0 "Run pki ocsp-selftest-find --size 1 --start 1" + rlAssertGrep "3 entries matched" "$ocsp_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_find-0014: verify when no value with --start command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --start > $ocsp_selftest_find_output 2>&1" 1,255 "No value is passed to pki ocsp-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-find --start > $ocsp_selftest_find_output 2>&1" 1,255 "No value is passed to pki ocsp-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: start" "$ocsp_selftest_find_output" + rlAssertGrep "usage: ocsp-selftest-find \[FILTER\] \[OPTIONS...\]" "$ocsp_selftest_find_output" + rlAssertGrep " --help Show help options" "$ocsp_selftest_find_output" + rlAssertGrep " --size Page size" "$ocsp_selftest_find_output" + rlAssertGrep " --start Page start" "$ocsp_selftest_find_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ocsp-selftest-find cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi + +} 
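Review bot: Test pki_ocsp_selftest_find-004 is titled and described as the audit-cert case, but both its `rlLog` and its `rlRun` pass `-n \"$valid_operator_cert\"`, so it repeats 003 and the auditor role is never checked against ocsp-selftest-find; the nickname should be `-n \"$valid_audit_cert\"`. Test 006 asserts `ForbiddenException: Authorization Error` for the revoked agent cert, which is the same result 002 expects for the valid agent cert, so it would still pass if revocation were not enforced for that cert; only 005 (`PKIException: Unauthorized` for a revoked admin) can fail on revocation, and a comment on 006 should say what it does and does not prove. Test 0011 ends with `rlAssertGroup` and `PhaseEnd`, which look like a mangled `rlPhaseEnd` and would leave that phase unclosed. Every `rlLog "pki ... -c $CERTDB_DIR_PASSWORD ..."` line also writes the expanded NSS database password into the test journal; logging a fixed placeholder in the message would keep it out of archived results.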
diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-run.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-run.sh
new file mode 100755
index 000000000..c9a9e1591
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-run.sh
@@ -0,0 +1,270 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-selftest-cli
+#
+# Description: PKI OCSP SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki ocsp-selftest cli commands needs to be tested:
+# pki ocsp-selftest-run
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. 
/opt/rhqa_pki/env.sh + +run_pki-ocsp-selftest-run_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki ocsp-selftest-run + rlPhaseStartSetup "pki ocsp-selftest-run Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Loocspl Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ] ; then + local target_secure_port=$(eval echo \$${OCSP_INST}_SECURE_PORT) + local tmp_ocsp_agent=$OCSP_INST\_agentV + local tmp_ocsp_admin=$OCSP_INST\_adminV + local tmp_ocsp_port=$(eval echo \$${OCSP_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$OCSP_INST\_agentV + local valid_audit_cert=$OCSP_INST\_auditV + local valid_operator_cert=$OCSP_INST\_operatorV + local valid_admin_cert=$OCSP_INST\_adminV + local revoked_agent_cert=$OCSP_INST\_agentR + local revoked_admin_cert=$OCSP_INST\_adminR + local expired_admin_cert=$OCSP_INST\_adminE + local expired_agent_cert=$OCSP_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local ocsp_selftest_run_output=$TmpDir/ocsp-selftest-run.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki ocsp-selftest-run + rlPhaseStartTest "pki_ocsp_selftest_run-configtest: pki ocsp-selftest-run --help 
configuration test" + rlRun "pki ocsp-selftest-run --help > $ocsp_selftest_run_output" 0 "pki ocsp-selftest-run --help" + rlAssertGrep "usage: ocsp-selftest-run \[OPTIONS...\]" "$ocsp_selftest_run_output" + rlAssertGrep " --help Show help options" "$ocsp_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-001: Run OCSP Selftest using admin cert and verify ocsp subsystem is up" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $valid_admin_cert" + rlAssertGrep "Selftests completed" "$ocsp_selftest_run_output" + rlLog "Verify ocsp instance is running" + rlRun "systemctl status pki-tomcatd@$(eval echo \$${OCSP_INST}_TOMCAT_INSTANCE_NAME) 1> $TmpDir/systemctl.out" + rlAssertGrep "Active: active (running)" "$TmpDir/systemctl.out" + rlLog "Ascertain by running pki ocsp-user-find command if ocsp instance is responding" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-user-find --size 1 > $Tmpdir/ocsp-user-find.out" 0 "Execute pki ocsp-user-find to verify if ocsp instance is responding" + rlAssertGrep "Number of entries returned 1" "$Tmpdir/ocsp-user-find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-002: Verify ocsp selftests cannot be run by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_agent_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_agent_cert\" \ + ocsp-selftest-run 2> $ocsp_selftest_run_output" 1,255 "Execute pki ocsp-selftest-run as $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-003: Verify ocsp selftests cannot be run operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-run 2> $ocsp_selftest_run_output" 1,255 "Execute pki ocsp-selftest-run as $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-004: Verify ocsp selftests cannot be run audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-run 2> $ocsp_selftest_run_output" 1,255 "Execute pki ocsp-selftest-run as $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-005: Verify ocsp selftests cannot be run Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_admin_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $revoked_admin_cert" + rlRun "pki -d 
$CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_admin_cert\" \ + ocsp-selftest-run 2> $ocsp_selftest_run_output" 1,255 "Execute pki ocsp-selftest-run as $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$ocsp_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-006: Verify ocsp selftests cannot be run Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_agent_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_agent_cert\" \ + ocsp-selftest-run 2> $ocsp_selftest_run_output" 1,255 "Execute pki ocsp-selftest-run as $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-007: Verify ocsp selftests cannot be run Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_agent_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $expired_agent_cert" + 
rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_agent_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output 2>&1" 1,255 "Execute pki ocsp-selftest-run as $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ocsp_selftest_run_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_run-008: Verify ocsp selftests cannot be run Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_admin_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output" 0 "Execute pki ocsp-selftest-run as $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_admin_cert\" \ + ocsp-selftest-run > $ocsp_selftest_run_output 2>&1" 1,255 "Execute pki ocsp-selftest-run as $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ocsp_selftest_run_output" + rlLog "Set the 
date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ocsp-selftest-run cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-show.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-show.sh new file mode 100755 index 000000000..875886d33 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-show.sh 
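Review bot: Test pki_ocsp_selftest_run-004 is titled as the audit-cert case but passes `-n \"$valid_operator_cert\"` in both its rlLog and its rlRun, so the auditor role is never checked against ocsp-selftest-run and the phase only repeats 003. It should pass `-n \"$valid_audit_cert\"`; pki_ocsp_selftest_show-0010 in pki-ocsp-selftest-cli-show.sh has the same substitution. In run-001 the ocsp-user-find output is written to and grepped from `$Tmpdir/ocsp-user-find.out`, while the directory created in setup is `TmpDir`. Unless `Tmpdir` is set by a sourced file, the path resolves to `/ocsp-user-find.out`, so both occurrences should read `$TmpDir/ocsp-user-find.out`. Tests 007 and 008 (and show-0013/0014) move the system clock forward and put it back only through a later `settime $cur_date + 10 seconds`, where `cur_date` has no year and the elapsed time is a guess; an interrupted run would leave the host in the future for every later certificate check, so the restore belongs in a `trap` or the cleanup phase.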
@@ -0,0 +1,422 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-selftest-cli +# +# Description: PKI OCSP SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki ocsp-selftest cli commands needs to be tested: +# pki ocsp-selftest-show +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-ocsp-selftest-show_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki ocsp-selftest-show + rlPhaseStartSetup "pki ocsp-selftest-show Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local OCSP_INST=$(cat $TmpDir/topo_file | grep MY_OCSP | cut -d= -f2) + ocsp_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$OCSP_INST + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=OCSP3 + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + ocsp_instance_created=$(eval echo \$${OCSP_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$ocsp_instance_created" = "TRUE" ] ; then + + local target_secure_port=$(eval echo \$${OCSP_INST}_SECURE_PORT) + local tmp_ocsp_agent=$OCSP_INST\_agentV + local tmp_ocsp_admin=$OCSP_INST\_adminV + local tmp_ocsp_port=$(eval echo \$${OCSP_INST}_UNSECURE_PORT) + local tmp_ocsp_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$OCSP_INST\_agentV + local valid_audit_cert=$OCSP_INST\_auditV + local valid_operator_cert=$OCSP_INST\_operatorV + local valid_admin_cert=$OCSP_INST\_adminV + local revoked_agent_cert=$OCSP_INST\_agentR + local revoked_admin_cert=$OCSP_INST\_adminR + local expired_admin_cert=$OCSP_INST\_adminE + local expired_agent_cert=$OCSP_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local ocsp_selftest_show_output=$TmpDir/ocsp-selftest-show.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki ocsp-selftest-show + rlPhaseStartTest "pki_ocsp_selftest_show-configtest: pki ocsp-selftest-show 
--help configuration test" + rlRun "pki ocsp-selftest-show --help > $ocsp_selftest_show_output" 0 "pki ocsp-selftest-show --help" + rlAssertGrep "usage: ocsp-selftest-show \[OPTIONS...\]" "$ocsp_selftest_show_output" + rlAssertGrep " --help Show help options" "$ocsp_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-001: Show OCSPPresence selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence Selftest" + rlAssertGrep "SelfTest \"OCSPPresence\"" "$ocsp_selftest_show_output" + rlAssertGrep " SelfTest ID: OCSPPresence" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_ocsp_selftest_show-002: Copy OCSPPresence selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPPresence --output $TmpDir/OCSPPresence > $ocsp_selftest_show_output" 0 "Save OCSPPresence Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPPresence --output $TmpDir/OCSPPresence > $ocsp_selftest_show_output" 0 "Save OCSPPresence 
Selftest to a file" + rlAssertGrep "Stored selfTest \"OCSPPresence\" into $TmpDir/OCSPPresence" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-003: Show SystemCertsVerification selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show SystemCertsVerification > $ocsp_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show SystemCertsVerification > $ocsp_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlAssertGrep "SelfTest \"SystemCertsVerification\"" "$ocsp_selftest_show_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_ocsp_selftest_show-004: Copy SystemCertsVerification selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $ocsp_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $ocsp_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlAssertGrep "Stored selfTest \"SystemCertsVerification\" into 
$TmpDir/SystemCertsVerification" "$ocsp_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_ocsp_selftest_show-005: Show OCSPValidity selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPValidity > $ocsp_selftest_show_output" 0 "Show OCSPValidity Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPValidity > $ocsp_selftest_show_output" 0 "Show OCSPValidity Selftest" + rlAssertGrep "SelfTest \"OCSPValidity\"" "$ocsp_selftest_show_output" + rlAssertGrep " SelfTest ID: OCSPValidity" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-006: Copy OCSPValidity selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPValidity --output $TmpDir/OCSPValidity > $ocsp_selftest_show_output" 0 "Save OCSPValidity Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPValidity --output $TmpDir/OCSPValidity > $ocsp_selftest_show_output" 0 "Save OCSPValidity Selftest to a file" + rlAssertGrep "Stored selfTest \"OCSPValidity\" into $TmpDir/OCSPValidity" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-007: Verify OCSPPresence selftest properties are shown using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + 
ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "show OCSPPresence selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "show OCSPPresence Selftest using $valid_admin_cert" + rlAssertGrep "SelfTest ID: OCSPPresence" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$ocsp_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-008: verify OCSPPresence selftest properties cannot be shown using agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_agent_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_agent_cert\" \ + ocsp-selftest-show OCSPPresence 2> $ocsp_selftest_show_output" 1,255 "Show OCSPPresence selftest property using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-009: verify OCSPPresence selftest properties cannot be shown using operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n 
\"$valid_operator_cert\" \ + ocsp-selftest-show OCSPPresence 2> $ocsp_selftest_show_output" 1,255 "Show OCSPPresence selftest property using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-0010: verify OCSPPresence selftest properties cannot be shown using audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_operator_cert\" \ + ocsp-selftest-show OCSPPresence 2> $ocsp_selftest_show_output" 1,255 "Show OCSPPresence selftest property using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-0011: verify OCSPPresence selftest properties cannot be shown using revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_admin_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_admin_cert\" \ + ocsp-selftest-show OCSPPresence 2> $ocsp_selftest_show_output" 1,255 "Show OCSPPresence selftest property using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-0012: verify OCSPPresence selftest properties cannot be shown using revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ 
+ -n \"$revoked_agent_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$revoked_agent_cert\" \ + ocsp-selftest-show OCSPPresence 2> $ocsp_selftest_show_output" 1,255 "Show OCSPPresence selftest property using $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-0013: verify OCSPPresence selftest properties cannot be shown using Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_agent_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_agent_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output 2>&1" 1,255 "Show OCSPPresence selftest property using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ocsp_selftest_show_output" + rlLog "Set the date back to its original date & time" + 
rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-0014: verify OCSPPresence selftest properties cannot be shown using Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_admin_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output" 0 "Show OCSPPresence selftest property using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$expired_admin_cert\" \ + ocsp-selftest-show OCSPPresence > $ocsp_selftest_show_output 2>&1" 1,255 "Show OCSPPresence selftest property using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ocsp_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest 
"pki_ocsp_selftest_show-0015: verify when no valid selftestID is provided pki ocsp-selftest-show show show proper help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show > $ocsp_selftest_show_output" 0 "Do not pass any selftestId" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show > $ocsp_selftest_show_output 2>&1" 255,1 "Do not pass any selftestId" + rlAssertGrep "Error: No SelfTest ID specified." "$ocsp_selftest_show_output" + rlAssertGrep "usage: ocsp-selftest-show \[OPTIONS...\]" "$ocsp_selftest_show_output" + rlAssertGrep " --help Show help options" "$ocsp_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$ocsp_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest_show-0016: verify when junk/invalid selftestid is provided, " + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show \"asdfasdf\" > $ocsp_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki ocsp-selftest-show" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_ocsp_host \ + -p $tmp_ocsp_port \ + -n \"$valid_admin_cert\" \ + ocsp-selftest-show \"asdfasdf\" > $ocsp_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki ocsp-selftest-show" + rlAssertGrep "SelfTest \"asdfasdf\"" "$ocsp_selftest_show_output" + rlAssertGrep " SelfTest ID: asdfasdf" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$ocsp_selftest_show_output" + rlAssertGrep " Enabled on demand: false" "$ocsp_selftest_show_output" + rlAssertNotGrep " SelfTest \"OCSPPresence\"" "$ocsp_selftest_show_output" + rlAssertNotGrep " SelfTest ID: OCSPPresence" "$ocsp_selftest_show_output" + rlAssertNotGrep " Enabled at startup: true" 
"$ocsp_selftest_show_output" + rlAssertNotGrep " Critical at startup: true" "$ocsp_selftest_show_output" + rlAssertNotGrep " Enabled on demand: true" "$ocsp_selftest_show_output" + rlAssertNotGrep " Critical on demand: true" "$ocsp_selftest_show_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki ocsp-selftest-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "OCSP subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh new file mode 100755 index 000000000..fdc262644 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh 
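Review bot: Tests pki_ocsp_selftest_show-002, -004 and -006 assert only the CLI's "Stored selfTest … into …" message and never inspect the file named by `--output`, so a regression that prints the message without writing the properties would still pass. After each rlRun add `rlAssertExists "$TmpDir/OCSPPresence"` and `rlAssertGrep "OCSPPresence" "$TmpDir/OCSPPresence"`, with the matching names for SystemCertsVerification and OCSPValidity. Test 0016 hard-codes `asdfasdf` although `tmp_junk_data` is generated in the local-variable block and never used. Its phase title also stops at "is provided, " without stating the expected result; a comment such as `# unknown IDs are expected to return exit 0 with all flags false` would record that the success status is intentional.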
@@ -0,0 +1,66 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ocsp-selftest
+# Description: pki ocsp selftest tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. 
/opt/rhqa_pki/env.sh + +run_pki-ocsp-selftest_tests() +{ + rlPhaseStartSetup "Create Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + rlPhaseStartTest "pki ocsp-selftest --help Test: Show all the options of pki ocsp-selftest" + local temp_out="$TmpDir/pki_ocsp_selftest" + rlLog "Executing pki ocsp-selftest --help" + rlRun "pki ocsp-selftest --help 1> $temp_out" 0 "pki ocsp-selftest --help" + rlAssertGrep "Commands:" "$temp_out" + rlAssertGrep " ocsp-selftest-find Find selftests" "$temp_out" + rlAssertGrep " ocsp-selftest-run Run selftests" "$temp_out" + rlAssertGrep " ocsp-selftest-show Show selftest" "$temp_out" + rlPhaseEnd + + rlPhaseStartTest "pki_ocsp_selftest-001: pki ocsp-selftest with characters should return invalid module" + local temp_out1="$TmpDir/pki_ocsp_selftest001" + local rand=$(openssl rand -base64 50 | perl -p -e 's/\n//') + rlLog "Executing pki ocsp-selftest \"$junk\" characters" + rlRun "pki ocsp-selftest \"$junk\" 2> $temp_out1" 1,255 "Command pki ocsp-selftest with junk characters" + rlAssertGrep "Error: Invalid module" "$temp_out1" + rlPhaseEnd + + rlPhaseStartCleanup "pki ocsp-selftest cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-find.sh new file mode 100755 index 000000000..66e58692c --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-find.sh 
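Review bot: In phase pki_ocsp_selftest-001 the random string is stored in `rand`, but the next two lines expand `$junk`, which is never assigned in this function, so the command under test receives an empty argument rather than junk characters. Assign the value to the name that is actually used, `local junk=$(openssl rand -base64 50 | perl -p -e 's/\n//')`, or change both expansions to `$rand`. As written, the "Error: Invalid module" assertion may still pass (presumably on the empty module name), which hides the fact that the malformed-input case is not exercised.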
@@ -0,0 +1,398 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-selftest-cli
+#
+# Description: PKI TKS SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki ca-selftest cli commands needs to be tested:
+# pki tks-selftest-find
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-key-cli-lib.sh
+. 
/opt/rhqa_pki/env.sh + +run_pki-tks-selftest-find_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki tks-selftest-find + rlPhaseStartSetup "pki tks-selftest-find Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then + local target_secure_port=$(eval echo \$${TKS_INST}_SECURE_PORT) + local tmp_tks_agent=$TKS_INST\_agentV + local tmp_tks_admin=$TKS_INST\_adminV + local tmp_tks_port=$(eval echo \$${TKS_INST}_UNSECURE_PORT) + local tmp_tks_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$TKS_INST\_agentV + local valid_audit_cert=$TKS_INST\_auditV + local valid_operator_cert=$TKS_INST\_operatorV + local valid_admin_cert=$TKS_INST\_adminV + local revoked_agent_cert=$TKS_INST\_agentR + local revoked_admin_cert=$TKS_INST\_adminR + local expired_admin_cert=$TKS_INST\_adminE + local expired_agent_cert=$TKS_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local tks_selftest_find_output=$TmpDir/tks-selftest-find.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki tks-selftest-find + rlPhaseStartTest "pki_tks_selftest-configtest: pki tks-selftest-find --help configuration test" + rlRun "pki 
tks-selftest-find --help > $tks_selftest_find_output" 0 "pki tks-selftest-find --help" + rlAssertGrep "usage: tks-selftest-find \[FILTER\] \[OPTIONS...\]" "$tks_selftest_find_output" + rlAssertGrep " --help Show help options" "$tks_selftest_find_output" + rlAssertGrep " --size Page size" "$tks_selftest_find_output" + rlAssertGrep " --start Page start" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pk_tks_selftest-001: find all the existing selftests for CA using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $valid_admin_cert" + rlAssertGrep "2 entries matched" "$tks_selftest_find_output" + rlAssertGrep " SelfTest ID: TKSKnownSessionKey" "$tks_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$tks_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-002: verifying all ca selftests cannot be found by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_agent_cert\" \ + 
tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_agent_cert\" \ + tks-selftest-find 2> $tks_selftest_find_output" 1,255 "Find all the TKS Selftest using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-003: verifying all ca selftests cannot be found by operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-find 2> $tks_selftest_find_output" 1,255 "Find all the TKS Selftest using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-004: verifying all ca selftests cannot be found by audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-find 2> $tks_selftest_find_output" 1,255 "Find all the TKS Selftest using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-005: verifying all ca selftests cannot be found by Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p 
$tmp_tks_port \ + -n \"$revoked_admin_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_admin_cert\" \ + tks-selftest-find 2> $tks_selftest_find_output" 1,255 "Find all the TKS Selftest using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-006: verifying all ca selftests cannot be found by Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_agent_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_agent_cert\" \ + tks-selftest-find 2> $tks_selftest_find_output" 1,255 "Find all the TKS Selftest using $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-007: verifying all ca selftests cannot be found by Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h 
$tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_agent_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_agent_cert\" \ + tks-selftest-find > $tks_selftest_find_output 2>&1" 1,255 "Find all the TKS Selftest using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$tks_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-008: verifying all ca selftests cannot be found by Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_admin_cert\" \ + tks-selftest-find > $tks_selftest_find_output" 0 "Find all the TKS Selftest using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_admin_cert\" \ + tks-selftest-find > $tks_selftest_find_output 
2>&1" 1,255 "Find all the TKS Selftest using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$tks_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-009: verify when --size 1 is specified only 1 TKS selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size 1 > $tks_selftest_find_output" 0 "Run pki tks-selftest-find --size 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size 1 1> $tks_selftest_find_output" 0 "Run pki tks-selftest-find --size 1" + rlAssertGrep "2 entries matched" "$tks_selftest_find_output" + rlAssertGrep " SelfTest ID: TKSKnownSessionKey" "$tks_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_find_output" + rlPhaseEnd + + + rlPhaseStart "pki_tks_selftest-0010: verify when value given in --size is more than 3 display all the selftests" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size 100 > $tks_selftest_find_output" 0 "Run pki tks-selftest-find --size 100" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size 100 > 
$tks_selftest_find_output" 0 "Run pki tks-selftest-find --size 100" + rlAssertGrep "2 entries matched" "$tks_selftest_find_output" + rlAssertGrep " SelfTest ID: TKSKnownSessionKey" "$tks_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$tks_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-0011: verify when value given in --size is junk no results are returned" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size adafdafds > $tks_selftest_find_output" 0 "Run pki tks-selftest-find --size adafdafds" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size adafdafds > $tks_selftest_find_output 2>&1" 1,255 "Run pki tks-selftest-find --size adafdafds" + rlAssertGrep "NumberFormatException: For input string: \"adafdafds\"" "$tks_selftest_find_output" + rlAssertGroup + PhaseEnd + + rlPhaseStartTest "pki_tks_selftest-0012: verify when no value with --size command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size > $tks_selftest_find_output 2>&1" 1,255 "No value is passed to pki tks-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size > $tks_selftest_find_output 2>&1" 1,255 "No value is passed to pki tks-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: size" "$tks_selftest_find_output" + rlAssertGrep "usage: tks-selftest-find \[FILTER\] \[OPTIONS...\]" "$tks_selftest_find_output" + rlAssertGrep " --help Show help options" "$tks_selftest_find_output" + rlAssertGrep " --size Page size" "$tks_selftest_find_output" + rlAssertGrep " --start Page start" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-0013: verify when --size 1 and --start 1 is specified only 1 TKS selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size 1 --start 1 > $tks_selftest_find_output" 0 "Run pki tks-selftest-find --size 1 --start 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --size 1 --start 1 > $tks_selftest_find_output" 0 "Run pki tks-selftest-find --size 1 --start 1" + rlAssertGrep "2 entries matched" "$tks_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$tks_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest-0014: verify when no value with --start command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --start > $tks_selftest_find_output 2>&1" 1,255 "No value is passed 
to pki tks-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-find --start > $tks_selftest_find_output 2>&1" 1,255 "No value is passed to pki tks-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: start" "$tks_selftest_find_output" + rlAssertGrep "usage: tks-selftest-find \[FILTER\] \[OPTIONS...\]" "$tks_selftest_find_output" + rlAssertGrep " --help Show help options" "$tks_selftest_find_output" + rlAssertGrep " --size Page size" "$tks_selftest_find_output" + rlAssertGrep " --start Page start" "$tks_selftest_find_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tks-selftest-find cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-run.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-run.sh new file mode 100755 index 000000000..52da2a979 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-run.sh 
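Review bot: Phase pki_tks_selftest-004 is described as the audit-cert case, yet both the logged and the executed command pass `-n \"$valid_operator_cert\"`, so it repeats phase 003 and the auditor role's denial is never checked; the option should read `-n \"$valid_audit_cert\"`. The same substitution appears in pki_tks_selftest_run-004 in pki-tks-selftest-cli-run.sh. Separately, phase 0011 ends with `rlAssertGroup` and `PhaseEnd` where `rlPhaseEnd` is expected (neither looks like a beakerlib call), and phase 0010 opens with `rlPhaseStart` instead of `rlPhaseStartTest`.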
@@ -0,0 +1,271 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-selftest-cli
+#
+# Description: PKI TKS SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki ca-selftest cli commands needs to be tested:
+# pki tks-selftest-run
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. 
/opt/rhqa_pki/env.sh + +run_pki-tks-selftest-run_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki tks-selftest-run + rlPhaseStartSetup "pki tks-selftest-run Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then + + local target_secure_port=$(eval echo \$${TKS_INST}_SECURE_PORT) + local tmp_tks_agent=$TKS_INST\_agentV + local tmp_tks_admin=$TKS_INST\_adminV + local tmp_tks_port=$(eval echo \$${TKS_INST}_UNSECURE_PORT) + local tmp_tks_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$TKS_INST\_agentV + local valid_audit_cert=$TKS_INST\_auditV + local valid_operator_cert=$TKS_INST\_operatorV + local valid_admin_cert=$TKS_INST\_adminV + local revoked_agent_cert=$TKS_INST\_agentR + local revoked_admin_cert=$TKS_INST\_adminR + local expired_admin_cert=$TKS_INST\_adminE + local expired_agent_cert=$TKS_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local tks_selftest_run_output=$TmpDir/tks-selftest-run.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki tks-selftest-run + rlPhaseStartTest "pki_tks_selftest_run-configtest: pki tks-selftest-run --help configuration test" + rlRun "pki 
tks-selftest-run --help > $tks_selftest_run_output" 0 "pki tks-selftest-run --help" + rlAssertGrep "usage: tks-selftest-run \[OPTIONS...\]" "$tks_selftest_run_output" + rlAssertGrep " --help Show help options" "$tks_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pk_tks_selftest_run-001: Run TKS Selftest using admin cert and verify ca subsystem is up" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $valid_admin_cert" + rlAssertGrep "Selftests completed" "$tks_selftest_run_output" + rlLog "Verify tks instance is running" + rlRun "systemctl status pki-tomcatd@$(eval echo \$${TKS_INST}_TOMCAT_INSTANCE_NAME) 1> $TmpDir/systemctl.out" + rlAssertGrep "Active: active (running)" "$TmpDir/systemctl.out" + rlLog "Ascertain by running pki tks-user-find command if tks instance is responding" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-user-find --size 1 > $Tmpdir/tks-user-find.out" 0 "Execute pki tks-user-find to verify if tks instance is responding" + rlAssertGrep "Number of entries returned 1" "$Tmpdir/tks-user-find.out" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-002: Verify ca selftests cannot be run by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_agent_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_agent_cert\" \ + 
tks-selftest-run 2> $tks_selftest_run_output" 1,255 "Execute pki tks-selftest-run as $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-003: Verify ca selftests cannot be run operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-run 2> $tks_selftest_run_output" 1,255 "Execute pki tks-selftest-run as $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-004: Verify ca selftests cannot be run audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-run 2> $tks_selftest_run_output" 1,255 "Execute pki tks-selftest-run as $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-005: Verify ca selftests cannot be run Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_admin_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_admin_cert\" 
\ + tks-selftest-run 2> $tks_selftest_run_output" 1,255 "Execute pki tks-selftest-run as $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$tks_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-006: Verify ca selftests cannot be run Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_agent_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_agent_cert\" \ + tks-selftest-run 2> $tks_selftest_run_output" 1,255 "Execute pki tks-selftest-run as $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_run_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-007: Verify ca selftests cannot be run Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_agent_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_agent_cert\" \ + 
tks-selftest-run > $tks_selftest_run_output 2>&1" 1,255 "Execute pki tks-selftest-run as $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$tks_selftest_run_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_run-008: Verify ca selftests cannot be run Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_admin_cert\" \ + tks-selftest-run > $tks_selftest_run_output" 0 "Execute pki tks-selftest-run as $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_admin_cert\" \ + tks-selftest-run > $tks_selftest_run_output 2>&1" 1,255 "Execute pki tks-selftest-run as $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$tks_selftest_run_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> 
$TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tks-selftest-run cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-show.sh new file mode 100755 index 000000000..d44243adc --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-show.sh 
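Review bot: In pk_tks_selftest_run-001 the follow-up `tks-user-find` call redirects to `$Tmpdir/tks-user-find.out` and the assertion reads the same path, but the variable set in the setup phase is `TmpDir`; with `Tmpdir` unset the path collapses to `/tks-user-find.out` in the filesystem root. Both occurrences should use `$TmpDir/tks-user-find.out`. Also, the cleanup phase with `popd` and `rm -r $TmpDir` sits only in the `else` branch, so when the TKS instance exists the temporary directory is never removed; pki-tks-selftest-cli-find.sh has the same structure. A cleanup phase after the last test in the `TRUE` branch would cover it.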
@@ -0,0 +1,384 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-selftest-cli +# +# Description: PKI TKS SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki ca-selftest cli commands needs to be tested: +# pki tks-selftest-show +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-tks-selftest-show_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki tks-selftest-show + rlPhaseStartSetup "pki tks-selftest-show Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local TKS_INST=$(cat $TmpDir/topo_file | grep MY_TKS | cut -d= -f2) + tks_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TKS_INST + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=TKS1 + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + tks_instance_created=$(eval echo \$${TKS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tks_instance_created" = "TRUE" ] ; then + local target_secure_port=$(eval echo \$${TKS_INST}_SECURE_PORT) + local tmp_tks_agent=$TKS_INST\_agentV + local tmp_tks_admin=$TKS_INST\_adminV + local tmp_tks_port=$(eval echo \$${TKS_INST}_UNSECURE_PORT) + local tmp_tks_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$TKS_INST\_agentV + local valid_audit_cert=$TKS_INST\_auditV + local valid_operator_cert=$TKS_INST\_operatorV + local valid_admin_cert=$TKS_INST\_adminV + local revoked_agent_cert=$TKS_INST\_agentR + local revoked_admin_cert=$TKS_INST\_adminR + local expired_admin_cert=$TKS_INST\_adminE + local expired_agent_cert=$TKS_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local tks_selftest_show_output=$TmpDir/tks-selftest-show.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki tks-selftest-show + rlPhaseStartTest "pki_tks_selftest_show-configtest: pki tks-selftest-show --help configuration test" + rlRun "pki 
tks-selftest-show --help > $tks_selftest_show_output" 0 "pki tks-selftest-show --help" + rlAssertGrep "usage: tks-selftest-show \[OPTIONS...\]" "$tks_selftest_show_output" + rlAssertGrep " --help Show help options" "$tks_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-001: Show TKSKnownSessionKey selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey Selftest" + rlAssertGrep "SelfTest \"TKSKnownSessionKey\"" "$tks_selftest_show_output" + rlAssertGrep " SelfTest ID: TKSKnownSessionKey" "$tks_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_tks_selftest_show-002: Copy TKSKnownSessionKey selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey --output $TmpDir/TKSKnownSessionKey > $tks_selftest_show_output" 0 "Save TKSKnownSessionKey Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey --output $TmpDir/TKSKnownSessionKey > $tks_selftest_show_output" 0 "Save 
TKSKnownSessionKey Selftest to a file" + rlAssertGrep "Stored selfTest \"TKSKnownSessionKey\" into $TmpDir/TKSKnownSessionKey" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-003: Show SystemCertsVerification selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show SystemCertsVerification > $tks_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show SystemCertsVerification > $tks_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlAssertGrep "SelfTest \"SystemCertsVerification\"" "$tks_selftest_show_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$tks_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_tks_selftest_show-004: Copy SystemCertsVerification selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $tks_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $tks_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlAssertGrep "Stored selfTest \"SystemCertsVerification\" into 
$TmpDir/SystemCertsVerification" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-005: Verify TKSKnownSessionKey selftest properties are shown using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "show TKSKnownSessionKey selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "show TKSKnownSessionKey Selftest using $valid_admin_cert" + rlAssertGrep "SelfTest ID: TKSKnownSessionKey" "$tks_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$tks_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$tks_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tks_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-006: verify TKSKnownSessionKey selftest properties cannot be shown using agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_agent_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest property using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_agent_cert\" \ + tks-selftest-show TKSKnownSessionKey 2> $tks_selftest_show_output" 1,255 "Show TKSKnownSessionKey selftest property using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-007: verify TKSKnownSessionKey selftest properties cannot be shown using operator cert" + rlLog "pki 
-d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest property using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-show TKSKnownSessionKey 2> $tks_selftest_show_output" 1,255 "Show TKSKnownSessionKey selftest property using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-008: verify TKSKnownSessionKey selftest properties cannot be shown using audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest property using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_operator_cert\" \ + tks-selftest-show TKSKnownSessionKey 2> $tks_selftest_show_output" 1,255 "Show TKSKnownSessionKey selftest property using $valid_audit_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-009: verify TKSKnownSessionKey selftest properties cannot be shown using revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest property using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey 2> 
$tks_selftest_show_output" 1,255 "Show TKSKnownSessionKey selftest property using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-0010: verify TKSKnownSessionKey selftest properties cannot be shown using revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_agent_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest property using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$revoked_agent_cert\" \ + tks-selftest-show TKSKnownSessionKey 2> $tks_selftest_show_output" 1,255 "Show TKSKnownSessionKey selftest property using $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-0011: verify TKSKnownSessionKey selftest properties cannot be shown using Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_agent_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest 
property using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_agent_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output 2>&1" 1,255 "Show TKSKnownSessionKey selftest property using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$tks_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-0012: verify TKSKnownSessionKey selftest properties cannot be shown using Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output" 0 "Show TKSKnownSessionKey selftest property using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$expired_admin_cert\" \ + tks-selftest-show TKSKnownSessionKey > $tks_selftest_show_output 2>&1" 1,255 "Show 
TKSKnownSessionKey selftest property using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$tks_selftest_show_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-0013: verify when no valid selftestID is provided pki tks-selftest-show show show proper help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show > $tks_selftest_show_output" 0 "Do not pass any selftestId" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show > $tks_selftest_show_output 2>&1" 255,1 "Do not pass any selftestId" + rlAssertGrep "Error: No SelfTest ID specified." "$tks_selftest_show_output" + rlAssertGrep "usage: tks-selftest-show \[OPTIONS...\]" "$tks_selftest_show_output" + rlAssertGrep " --help Show help options" "$tks_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." 
"$tks_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tks_selftest_show-0014: verify when junk/invalid selftestid is provided, " + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show \"asdfasdf\" > $tks_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki tks-selftest-show" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tks_host \ + -p $tmp_tks_port \ + -n \"$valid_admin_cert\" \ + tks-selftest-show \"asdfasdf\" > $tks_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki tks-selftest-show" + rlAssertGrep "SelfTest \"asdfasdf\"" "$tks_selftest_show_output" + rlAssertGrep " SelfTest ID: asdfasdf" "$tks_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$tks_selftest_show_output" + rlAssertGrep " Enabled on demand: false" "$tks_selftest_show_output" + rlAssertNotGrep " SelfTest \"TKSKnownSessionKey\"" "$tks_selftest_show_output" + rlAssertNotGrep " SelfTest ID: TKSKnownSessionKey" "$tks_selftest_show_output" + rlAssertNotGrep " Enabled at startup: true" "$tks_selftest_show_output" + rlAssertNotGrep " Critical at startup: true" "$tks_selftest_show_output" + rlAssertNotGrep " Enabled on demand: true" "$tks_selftest_show_output" + rlAssertNotGrep " Critical on demand: true" "$tks_selftest_show_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tks-selftest-show cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TKS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli.sh b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli.sh new file mode 100755 index 000000000..70f08ea4a --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli.sh 
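Review bot: Phase pki_tks_selftest_show-008 is labelled as the audit-cert check, but both its rlLog and its rlRun pass `-n \"$valid_operator_cert\"`, so it repeats phase 007 and the auditor role is never exercised against tks-selftest-show. `valid_audit_cert` is defined with the other locals at the top of `run_pki-tks-selftest-show_tests` and appears in this phase only inside the description strings. Both lines should read `-n \"$valid_audit_cert\" \` so the ForbiddenException assertion covers the role the phase names. Phase pki_tps_selftest-004 in the tps-selftest-find file further down makes the same substitution.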
@@ -0,0 +1,69 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tks-selftest
+# Description: pki tks selftest tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki key cli commands needs to be tested:
+# pki-tks-selftest --help
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-tks-selftest_tests()
+{
+ rlPhaseStartSetup "Create Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki tks-selftest --help Test: Show all the options of pki tks-selftest"
+ local temp_out="$TmpDir/pki_tks_selftest"
+ rlLog "Executing pki tks-selftest --help"
+ rlRun "pki tks-selftest --help 1> $temp_out" 0 "pki tks-selftest --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep " tks-selftest-find Find selftests" "$temp_out"
+ rlAssertGrep " tks-selftest-run Run selftests" "$temp_out"
+ rlAssertGrep " tks-selftest-show Show selftest" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tks_selftest-001: pki tks-selftest with characters should return invalid module"
+ local temp_out1="$TmpDir/pki_tks_selftest001"
+ local rand=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ rlLog "Executing pki tks-selftest \"$junk\" characters"
+ rlRun "pki tks-selftest \"$junk\" 2> $temp_out1" 1,255 "Command pki tks-selftest with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki tks-selftest cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-find.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-find.sh
new file mode 100755
index 000000000..fc33a02a8
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-find.sh
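Review bot: Phase pki_tks_selftest-001 stores the random string in `rand` but then expands `$junk`, which is never assigned in `run_pki-tks-selftest_tests`, so the rlLog and rlRun lines pass an empty quoted argument instead of junk characters. The "Error: Invalid module" assertion can then only reflect how the CLI treats an empty module name, not unexpected input. Assign the value to the name that is used: `local junk=$(openssl rand -base64 50 | perl -p -e 's/\n//')`.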
@@ -0,0 +1,407 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-selftest-cli +# +# Description: PKI TPS SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki tps-selftest cli commands needs to be tested: +# pki tps-selftest-find +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. /opt/rhqa_pki/pki-key-cli-lib.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-tps-selftest-find_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki tps-selftest-find + rlPhaseStartSetup "pki tps-selftest-find Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ] ; then + + local target_secure_port=$(eval echo \$${TPS_INST}_SECURE_PORT) + local tmp_tps_agent=$TPS_INST\_agentV + local tmp_tps_admin=$TPS_INST\_adminV + local tmp_tps_port=$(eval echo \$${TPS_INST}_UNSECURE_PORT) + local tmp_tps_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$TPS_INST\_agentV + local valid_audit_cert=$TPS_INST\_auditV + local valid_operator_cert=$TPS_INST\_operatorV + local valid_admin_cert=$TPS_INST\_adminV + local revoked_agent_cert=$TPS_INST\_agentR + local revoked_admin_cert=$TPS_INST\_adminR + local expired_admin_cert=$TPS_INST\_adminE + local expired_agent_cert=$TPS_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local ca_selftest_find_output=$TmpDir/tps-selftest-find.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki tps-selftest-find + rlPhaseStartTest "pki_tps_selftest-configtest: pki tps-selftest-find --help configuration test" + rlRun "pki 
tps-selftest-find --help > $ca_selftest_find_output" 0 "pki tps-selftest-find --help" + rlAssertGrep "usage: tps-selftest-find \[FILTER\] \[OPTIONS...\]" "$ca_selftest_find_output" + rlAssertGrep " --help Show help options" "$ca_selftest_find_output" + rlAssertGrep " --size Page size" "$ca_selftest_find_output" + rlAssertGrep " --start Page start" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pk_tps_selftest-001: find all the existing selftests for CA using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $valid_admin_cert" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: TPSPresence" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: TPSValidity" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" 
"$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-002: verifying all ca selftests cannot be found by agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_agent_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_agent_cert\" \ + tps-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the TPS Selftest using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-003: verifying all ca selftests cannot be found by operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_operator_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_operator_cert\" \ + tps-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the TPS Selftest using $valid_operator_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-004: verifying all ca selftests cannot be found by audit cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_operator_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $valid_audit_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_operator_cert\" \ + tps-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the TPS Selftest using $valid_audit_cert" + rlAssertGrep "ForbiddenException: 
Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-005: verifying all ca selftests cannot be found by Revoked admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$revoked_admin_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $revoked_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$revoked_admin_cert\" \ + tps-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the TPS Selftest using $revoked_admin_cert" + rlAssertGrep "PKIException: Unauthorized" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-006: verifying all ca selftests cannot be found by Revoked agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$revoked_agent_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $revoked_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$revoked_agent_cert\" \ + tps-selftest-find 2> $ca_selftest_find_output" 1,255 "Find all the TPS Selftest using $revoked_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-007: verifying all ca selftests cannot be found by Expired agent cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 
'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$expired_agent_cert\" \ + tps-selftest-find > $ca_selftest_find_output" 0 "Find all the TPS Selftest using $expired_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$expired_agent_cert\" \ + tps-selftest-find > $ca_selftest_find_output 2>&1" 1,255 "Find all the TPS Selftest using $expired_agent_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-008: verifying all ca selftests cannot be found by Expired admin cert" + local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S) + local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}') + rlLog "Current Date/Time: $(date)" + rlLog "Current Date/Time: before modifying using chrony $(date)" + rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Move system to $end_date + 1 day ahead" + rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Date after modifying using chrony: $(date)" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$expired_admin_cert\" \ + tps-selftest-find > 
$ca_selftest_find_output" 0 "Find all the TPS Selftest using $expired_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$expired_admin_cert\" \ + tps-selftest-find > $ca_selftest_find_output 2>&1" 1,255 "Find all the TPS Selftest using $expired_admin_cert" + rlAssertGrep "ProcessingException: Unable to invoke request" "$ca_selftest_find_output" + rlLog "Set the date back to its original date & time" + rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out" + rlAssertGrep "200 OK" "$TmpDir/chrony.out" + rlLog "Current Date/Time after setting system date back using chrony $(date)" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-009: verify when --size 1 is specified only 1 TPS selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size 1 > $ca_selftest_find_output" 0 "Run pki tps-selftest-find --size 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size 1 1> $ca_selftest_find_output" 0 "Run pki tps-selftest-find --size 1" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: TPSPresence" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlPhaseEnd + + + rlPhaseStart "pki_tps_selftest-0010: verify when value given in --size is more than 3 display all the selftests" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size 100 > 
$ca_selftest_find_output" 0 "Run pki tps-selftest-find --size 100" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size 100 > $ca_selftest_find_output" 0 "Run pki tps-selftest-find --size 100" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: TPSPresence" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: TPSValidity" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-0011: verify when value given in --size is junk no results are returned" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size adafdafds > $ca_selftest_find_output" 0 "Run pki tps-selftest-find --size adafdafds" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size adafdafds > $ca_selftest_find_output 2>&1" 1,255 "Run pki tps-selftest-find --size adafdafds" + rlAssertGrep 
"NumberFormatException: For input string: \"adafdafds\"" "$ca_selftest_find_output" + rlAssertGroup + PhaseEnd + + rlPhaseStartTest "pki_tps_selftest-0012: verify when no value with --size command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki tps-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki tps-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: size" "$ca_selftest_find_output" + rlAssertGrep "usage: tps-selftest-find \[FILTER\] \[OPTIONS...\]" "$ca_selftest_find_output" + rlAssertGrep " --help Show help options" "$ca_selftest_find_output" + rlAssertGrep " --size Page size" "$ca_selftest_find_output" + rlAssertGrep " --start Page start" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-0013: verify when --size 1 and --start 1 is specified only 1 TPS selftest is displayed" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size 1 --start 1 > $ca_selftest_find_output" 0 "Run pki tps-selftest-find --size 1 --start 1" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --size 1 --start 1 > $ca_selftest_find_output" 0 "Run pki tps-selftest-find --size 1 --start 1" + rlAssertGrep "3 entries matched" "$ca_selftest_find_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$ca_selftest_find_output" + rlAssertGrep " Enabled at startup: true" "$ca_selftest_find_output" + rlAssertGrep " Critical at startup: true" 
"$ca_selftest_find_output" + rlAssertGrep " Enabled on demand: true" "$ca_selftest_find_output" + rlAssertGrep " Critical on demand: true" "$ca_selftest_find_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest-0014: verify when no value with --start command fails with help message" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --start > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki tps-selftest-find --size" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-find --start > $ca_selftest_find_output 2>&1" 1,255 "No value is passed to pki tps-selftest-find --size" + rlAssertGrep "Error: Missing argument for option: start" "$ca_selftest_find_output" + rlAssertGrep "usage: tps-selftest-find \[FILTER\] \[OPTIONS...\]" "$ca_selftest_find_output" + rlAssertGrep " --help Show help options" "$ca_selftest_find_output" + rlAssertGrep " --size Page size" "$ca_selftest_find_output" + rlAssertGrep " --start Page start" "$ca_selftest_find_output" + rlPhaseEnd +else + rlPhaseStartCleanup "pki tps-selftest-find cleanup: Delete temp dir" + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlLog "TPS subsystem is not installed" + rlPhaseEnd +fi +} diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-run.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-run.sh new file mode 100755 index 000000000..17983aa33 --- /dev/null +++ b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-run.sh 
@@ -0,0 +1,271 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-selftest-cli
+#
+# Description: PKI TPS SELFTEST CLI
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki tps-selftest cli commands needs to be tested:
+# pki tps-selftest-run
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-tps-selftest-run_tests()
+{
+ local cs_Type=$1
+ local cs_Role=$2
+
+ # Creating Temporary Directory for pki tps-selftest-run
+ rlPhaseStartSetup "pki tps-selftest-run Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $cs_Role $TmpDir/topo_file
+ local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2)
+ tps_instance_created="False"
+ if [ "$TOPO9" = "TRUE" ] ; then
+ prefix=$TPS_INST
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ elif [ "$cs_Role" = "MASTER" ] ; then
+ prefix=TPS1
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ else
+ prefix=$cs_Role
+ tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS)
+ fi
+if [ "$tps_instance_created" = "TRUE" ] ; then
+
+ local target_secure_port=$(eval echo \$${TPS_INST}_SECURE_PORT)
+ local tmp_tps_agent=$TPS_INST\_agentV
+ local tmp_tps_admin=$TPS_INST\_adminV
+ local tmp_tps_port=$(eval echo \$${TPS_INST}_UNSECURE_PORT)
+ local tmp_tps_host=$(eval echo \$${cs_Role})
+ local valid_agent_cert=$TPS_INST\_agentV
+ local valid_audit_cert=$TPS_INST\_auditV
+ local valid_operator_cert=$TPS_INST\_operatorV
+ local valid_admin_cert=$TPS_INST\_adminV
+ local revoked_agent_cert=$TPS_INST\_agentR
+ local revoked_admin_cert=$TPS_INST\_adminR
+ local expired_admin_cert=$TPS_INST\_adminE
+ local expired_agent_cert=$TPS_INST\_agentE
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local exp="$TmpDir/expfile.out"
+ local expout="$TmpDir/exp_out"
+ local cert_info="$TmpDir/cert_info"
+ local tps_selftest_run_output=$TmpDir/tps-selftest-run.out
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+
+
+ # Config test for pki tps-selftest-run
+ rlPhaseStartTest "pki_tps_selftest_run-configtest: pki tps-selftest-run --help configuration test"
+ rlRun "pki tps-selftest-run --help > $tps_selftest_run_output" 0 "pki tps-selftest-run --help"
+ rlAssertGrep "usage: tps-selftest-run \[OPTIONS...\]" "$tps_selftest_run_output"
+ rlAssertGrep " --help Show help options" "$tps_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-001: Run TPS Selftest using admin cert and verify ca subsystem is up"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $valid_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $valid_admin_cert"
+ rlAssertGrep "Selftests completed" "$tps_selftest_run_output"
+ rlLog "Verify tps instance is running"
+ rlRun "systemctl status pki-tomcatd@$(eval echo \$${TPS_INST}_TOMCAT_INSTANCE_NAME) 1> $TmpDir/systemctl.out"
+ rlAssertGrep "Active: active (running)" "$TmpDir/systemctl.out"
+ rlLog "Ascertain by running pki tps-user-find command if tps instance is responding"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-user-find --size 1 > $Tmpdir/tps-user-find.out" 0 "Execute pki tps-user-find to verify if tps user instance is responding"
+ rlAssertGrep "Number of entries returned 1" "$Tmpdir/tps-user-find.out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-002: Verify ca selftests cannot be run by agent cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_agent_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $valid_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_agent_cert\" \
+ tps-selftest-run 2> $tps_selftest_run_output" 1,255 "Execute pki tps-selftest-run as $valid_agent_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-003: Verify ca selftests cannot be run operator cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_operator_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $valid_operator_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_operator_cert\" \
+ tps-selftest-run 2> $tps_selftest_run_output" 1,255 "Execute pki tps-selftest-run as $valid_operator_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-004: Verify ca selftests cannot be run audit cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_operator_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $valid_audit_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_operator_cert\" \
+ tps-selftest-run 2> $tps_selftest_run_output" 1,255 "Execute pki tps-selftest-run as $valid_audit_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-005: Verify ca selftests cannot be run Revoked admin cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_admin_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $revoked_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_admin_cert\" \
+ tps-selftest-run 2> $tps_selftest_run_output" 1,255 "Execute pki tps-selftest-run as $revoked_admin_cert"
+ rlAssertGrep "PKIException: Unauthorized" "$tps_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-006: Verify ca selftests cannot be run Revoked agent cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_agent_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $revoked_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_agent_cert\" \
+ tps-selftest-run 2> $tps_selftest_run_output" 1,255 "Execute pki tps-selftest-run as $revoked_agent_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_run_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-007: Verify ca selftests cannot be run Expired agent cert"
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_agent_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $expired_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_agent_cert\" \
+ tps-selftest-run > $tps_selftest_run_output 2>&1" 1,255 "Execute pki tps-selftest-run as $expired_agent_cert"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$tps_selftest_run_output"
+ rlLog "Set the date back to its original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_run-008: Verify ca selftests cannot be run Expired admin cert"
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_admin_cert\" \
+ tps-selftest-run > $tps_selftest_run_output" 0 "Execute pki tps-selftest-run as $expired_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_admin_cert\" \
+ tps-selftest-run > $tps_selftest_run_output 2>&1" 1,255 "Execute pki tps-selftest-run as $expired_admin_cert"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$tps_selftest_run_output"
+ rlLog "Set the date back to its original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tps-selftest-run cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-show.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-show.sh
new file mode 100755
index 000000000..8776c452d
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-show.sh
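Review bot: In pki-tps-selftest-cli-run.sh, phase pki_tps_selftest_run-004 never exercises the auditor role: both its rlLog and its rlRun pass `-n \"$valid_operator_cert\"` while the description names `$valid_audit_cert`, so it repeats phase 003 and leaves the audit-certificate authorization check untested; the option should read `-n \"$valid_audit_cert\" \`. In phase 001 the tps-user-find output is written to and grepped from `$Tmpdir/tps-user-find.out`, but the setup phase assigns `TmpDir`, so the path expands to `/tps-user-find.out` outside the temp directory; both places should use `$TmpDir/tps-user-find.out`. Phase 006 asserts the same `ForbiddenException: Authorization Error` that a valid agent certificate gets in phase 002, so it presumably cannot tell a revocation rejection from a plain role rejection; a comment such as `# NOTE: agent role is forbidden regardless of revocation; this does not prove revocation checking` would make that limit explicit.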
@@ -0,0 +1,422 @@ +#!/bin/bash +# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-selftest-cli +# +# Description: PKI CA SELFTEST CLI +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# The following pki tps-selftest cli commands needs to be tested: +# pki tps-selftest-show +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Author: Niranjan Mallapadi +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2013 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/beakerlib/beakerlib.sh +. /opt/rhqa_pki/rhcs-shared.sh +. 
/opt/rhqa_pki/env.sh + +run_pki-tps-selftest-show_tests() +{ + local cs_Type=$1 + local cs_Role=$2 + + # Creating Temporary Directory for pki tps-selftest-show + rlPhaseStartSetup "pki tps-selftest-show Temporary Directory" + rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + # Local Variables + get_topo_stack $cs_Role $TmpDir/topo_file + local TPS_INST=$(cat $TmpDir/topo_file | grep MY_TPS | cut -d= -f2) + tps_instance_created="False" + if [ "$TOPO9" = "TRUE" ] ; then + prefix=$TPS_INST + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + elif [ "$cs_Role" = "MASTER" ] ; then + prefix=TPS1 + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + else + prefix=$cs_Role + tps_instance_created=$(eval echo \$${TPS_INST}_INSTANCE_CREATED_STATUS) + fi +if [ "$tps_instance_created" = "TRUE" ] ; then + + local target_secure_port=$(eval echo \$${TPS_INST}_SECURE_PORT) + local tmp_tps_agent=$TPS_INST\_agentV + local tmp_tps_admin=$TPS_INST\_adminV + local tmp_tps_port=$(eval echo \$${TPS_INST}_UNSECURE_PORT) + local tmp_tps_host=$(eval echo \$${cs_Role}) + local valid_agent_cert=$TPS_INST\_agentV + local valid_audit_cert=$TPS_INST\_auditV + local valid_operator_cert=$TPS_INST\_operatorV + local valid_admin_cert=$TPS_INST\_adminV + local revoked_agent_cert=$TPS_INST\_agentR + local revoked_admin_cert=$TPS_INST\_adminR + local expired_admin_cert=$TPS_INST\_adminE + local expired_agent_cert=$TPS_INST\_agentE + local TEMP_NSS_DB="$TmpDir/nssdb" + local TEMP_NSS_DB_PWD="redhat" + local exp="$TmpDir/expfile.out" + local expout="$TmpDir/exp_out" + local cert_info="$TmpDir/cert_info" + local tps_selftest_show_output=$TmpDir/tps-selftest-show.out + local rand=$RANDOM + local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//') + + + # Config test for pki tps-selftest-show + rlPhaseStartTest "pki_tps_selftest_show-configtest: pki tps-selftest-show --help configuration test" + rlRun "pki 
tps-selftest-show --help > $tps_selftest_show_output" 0 "pki tps-selftest-show --help" + rlAssertGrep "usage: tps-selftest-show \[OPTIONS...\]" "$tps_selftest_show_output" + rlAssertGrep " --help Show help options" "$tps_selftest_show_output" + rlAssertGrep " --output Output file to store selfTest properties." "$tps_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest_show-001: Show TPSPresence selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence Selftest" + rlAssertGrep "SelfTest \"TPSPresence\"" "$tps_selftest_show_output" + rlAssertGrep " SelfTest ID: TPSPresence" "$tps_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$tps_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$tps_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tps_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tps_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_tps_selftest_show-002: Copy TPSPresence selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSPresence --output $TmpDir/TPSPresence > $tps_selftest_show_output" 0 "Save TPSPresence Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSPresence --output $TmpDir/TPSPresence > $tps_selftest_show_output" 0 "Save TPSPresence Selftest to a file" + rlAssertGrep "Stored selfTest \"TPSPresence\" into 
$TmpDir/TPSPresence" "$tps_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest_show-003: Show SystemCertsVerification selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show SystemCertsVerification > $tps_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show SystemCertsVerification > $tps_selftest_show_output" 0 "Show SystemCertsVerification Selftest" + rlAssertGrep "SelfTest \"SystemCertsVerification\"" "$tps_selftest_show_output" + rlAssertGrep " SelfTest ID: SystemCertsVerification" "$tps_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$tps_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$tps_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tps_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tps_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest "pki_tps_selftest_show-004: Copy SystemCertsVerification selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $tps_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show SystemCertsVerification --output $TmpDir/SystemCertsVerification > $tps_selftest_show_output" 0 "Save SystemCertsVerification Selftest to a file" + rlAssertGrep "Stored selfTest \"SystemCertsVerification\" into $TmpDir/SystemCertsVerification" "$tps_selftest_show_output" + rlPhaseEnd + + + rlPhaseStartTest 
"pki_tps_selftest_show-005: Show TPSValidity selftest properties" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSValidity > $tps_selftest_show_output" 0 "Show TPSValidity Selftest" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSValidity > $tps_selftest_show_output" 0 "Show TPSValidity Selftest" + rlAssertGrep "SelfTest \"TPSValidity\"" "$tps_selftest_show_output" + rlAssertGrep " SelfTest ID: TPSValidity" "$tps_selftest_show_output" + rlAssertGrep " Enabled at startup: false" "$tps_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tps_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tps_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest_show-006: Copy TPSValidity selftest Properties to a file" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSValidity --output $TmpDir/TPSValidity > $tps_selftest_show_output" 0 "Save TPSValidity Selftest to a file" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSValidity --output $TmpDir/TPSValidity > $tps_selftest_show_output" 0 "Save TPSValidity Selftest to a file" + rlAssertGrep "Stored selfTest \"TPSValidity\" into $TmpDir/TPSValidity" "$tps_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest_show-007: Verify TPSPresence selftest properties are shown using admin cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "show TPSPresence selftest using $valid_admin_cert" + rlRun "pki -d $CERTDB_DIR \ + -c 
$CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_admin_cert\" \ + tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "show TPSPresence Selftest using $valid_admin_cert" + rlAssertGrep "SelfTest ID: TPSPresence" "$tps_selftest_show_output" + rlAssertGrep " Enabled at startup: true" "$tps_selftest_show_output" + rlAssertGrep " Critical at startup: true" "$tps_selftest_show_output" + rlAssertGrep " Enabled on demand: true" "$tps_selftest_show_output" + rlAssertGrep " Critical on demand: true" "$tps_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest_show-008: verify TPSPresence selftest properties cannot be shown using agent cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_agent_cert\" \ + tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $valid_agent_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_agent_cert\" \ + tps-selftest-show TPSPresence 2> $tps_selftest_show_output" 1,255 "Show TPSPresence selftest property using $valid_agent_cert" + rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_show_output" + rlPhaseEnd + + rlPhaseStartTest "pki_tps_selftest_show-009: verify TPSPresence selftest properties cannot be shown using operator cert" + rlLog "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_operator_cert\" \ + tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $valid_operator_cert" + rlRun "pki -d $CERTDB_DIR \ + -c $CERTDB_DIR_PASSWORD \ + -h $tmp_tps_host \ + -p $tmp_tps_port \ + -n \"$valid_operator_cert\" \ + tps-selftest-show TPSPresence 2> $tps_selftest_show_output" 1,255 "Show TPSPresence selftest property using $valid_operator_cert" + rlAssertGrep "ForbiddenException: 
Authorization Error" "$tps_selftest_show_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0010: verify TPSPresence selftest properties cannot be shown using audit cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_operator_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $valid_audit_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_operator_cert\" \
+ tps-selftest-show TPSPresence 2> $tps_selftest_show_output" 1,255 "Show TPSPresence selftest property using $valid_audit_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_show_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0011: verify TPSPresence selftest properties cannot be shown using revoked admin cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_admin_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $revoked_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_admin_cert\" \
+ tps-selftest-show TPSPresence 2> $tps_selftest_show_output" 1,255 "Show TPSPresence selftest property using $revoked_admin_cert"
+ rlAssertGrep "PKIException: Unauthorized" "$tps_selftest_show_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0012: verify TPSPresence selftest properties cannot be shown using revoked agent cert"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_agent_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $revoked_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$revoked_agent_cert\" \
+ tps-selftest-show TPSPresence 2> $tps_selftest_show_output" 1,255 "Show TPSPresence selftest property using $revoked_agent_cert"
+ rlAssertGrep "ForbiddenException: Authorization Error" "$tps_selftest_show_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0013: verify TPSPresence selftest properties cannot be shown using Expired agent cert"
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_agent_cert | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_agent_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $expired_agent_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_agent_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output 2>&1" 1,255 "Show TPSPresence selftest property using $expired_agent_cert"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$tps_selftest_show_output"
+ rlLog "Set the date back to its original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0014: verify TPSPresence selftest properties cannot be shown using Expired admin cert"
+ local cur_date=$(date +%a\ %b\ %d\ %H:%M:%S)
+ local end_date=$(certutil -L -d $CERTDB_DIR -n $expired_admin_cert | grep "Not After" | awk -F ": " '{print $2}')
+ rlLog "Current Date/Time: $(date)"
+ rlLog "Current Date/Time: before modifying using chrony $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Move system to $end_date + 1 day ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_admin_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output" 0 "Show TPSPresence selftest property using $expired_admin_cert"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$expired_admin_cert\" \
+ tps-selftest-show TPSPresence > $tps_selftest_show_output 2>&1" 1,255 "Show TPSPresence selftest property using $expired_admin_cert"
+ rlAssertGrep "ProcessingException: Unable to invoke request" "$tps_selftest_show_output"
+ rlLog "Set the date back to its original date & time"
+ rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Current Date/Time after setting system date back using chrony $(date)"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0015: verify when no valid selftestID is provided pki tps-selftest-show show show proper help message"
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-selftest-show > $tps_selftest_show_output" 0 "Do not pass any selftestId"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-selftest-show > $tps_selftest_show_output 2>&1" 255,1 "Do not pass any selftestId"
+ rlAssertGrep "Error: No SelfTest ID specified." "$tps_selftest_show_output"
+ rlAssertGrep "usage: tps-selftest-show \[OPTIONS...\]" "$tps_selftest_show_output"
+ rlAssertGrep " --help Show help options" "$tps_selftest_show_output"
+ rlAssertGrep " --output Output file to store selfTest properties." "$tps_selftest_show_output"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_tps_selftest_show-0016: verify when junk/invalid selftestid is provided, "
+ rlLog "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-selftest-show \"asdfasdf\" > $tps_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki tps-selftest-show"
+ rlRun "pki -d $CERTDB_DIR \
+ -c $CERTDB_DIR_PASSWORD \
+ -h $tmp_tps_host \
+ -p $tmp_tps_port \
+ -n \"$valid_admin_cert\" \
+ tps-selftest-show \"asdfasdf\" > $tps_selftest_show_output" 0 "pass junk \"asdfasdf\" to pki tps-selftest-show"
+ rlAssertGrep "SelfTest \"asdfasdf\"" "$tps_selftest_show_output"
+ rlAssertGrep " SelfTest ID: asdfasdf" "$tps_selftest_show_output"
+ rlAssertGrep " Enabled at startup: false" "$tps_selftest_show_output"
+ rlAssertGrep " Enabled on demand: false" "$tps_selftest_show_output"
+ rlAssertNotGrep " SelfTest \"TPSPresence\"" "$tps_selftest_show_output"
+ rlAssertNotGrep " SelfTest ID: TPSPresence" "$tps_selftest_show_output"
+ rlAssertNotGrep " Enabled at startup: true" "$tps_selftest_show_output"
+ rlAssertNotGrep " Critical at startup: true" "$tps_selftest_show_output"
+ rlAssertNotGrep " Enabled on demand: true" "$tps_selftest_show_output"
+ rlAssertNotGrep " Critical on demand: true" "$tps_selftest_show_output"
+ rlPhaseEnd
+else
+ rlPhaseStartCleanup "pki tps-selftest-show cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlLog "TPS subsystem is not installed"
+ rlPhaseEnd
+fi
+}
diff --git a/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh
new file mode 100755
index 000000000..688ed8741
--- /dev/null
+++ b/tests/dogtag/acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-tps-selftest
+# Description: pki tps selftest tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki key cli commands needs to be tested:
+# pki-tps-selftest --help
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Niranjan Mallapadi
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-tps-selftest_tests()
+{
+ rlPhaseStartSetup "Create Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki tps-selftest --help Test: Show all the options of pki tps-selftest"
+ local temp_out="$TmpDir/pki_ca_selftest"
+ rlLog "Executing pki tps-selftest --help"
+ rlRun "pki tps-selftest --help 1> $temp_out" 0 "pki tps-selftest --help"
+ rlAssertGrep "Commands:" "$temp_out"
+ rlAssertGrep " tps-selftest-find Find selftests" "$temp_out"
+ rlAssertGrep " tps-selftest-run Run selftests" "$temp_out"
+ rlAssertGrep " tps-selftest-show Show selftest" "$temp_out"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_selftest-001: pki tps-selftest with characters should return invalid module"
+ local temp_out1="$TmpDir/pki_ca_selftest001"
+ local rand=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ rlLog "Executing pki tps-selftest \"$junk\" characters"
+ rlRun "pki tps-selftest \"$junk\" 2> $temp_out1" 1,255 "Command pki tps-selftest with junk characters"
+ rlAssertGrep "Error: Invalid module" "$temp_out1"
+ rlPhaseEnd
+
+ rlPhaseStartCleanup "pki tps-selftest cleanup: Delete temp dir"
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 8c742420e..f55849f00 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
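Review bot: In pki-tps-selftest-cli.sh the `pki_ca_selftest-001` phase stores the `openssl rand -base64 50` output in `rand` but then passes `$junk`, which this file never assigns. Unless one of the sourced environment files defines `junk`, the command under test is `pki tps-selftest ""` and the invalid-module check never sees the random input. Use the generated value in both the `rlLog` and `rlRun` lines, e.g. `rlRun "pki tps-selftest \"$rand\" 2> $temp_out1" 1,255 "Command pki tps-selftest with junk characters"`, or rename the local to `junk`. The phase name and both temp-file names also still say `pki_ca_selftest` in the TPS suite; `pki_tps_selftest-001` would keep journal results attributable to the right subsystem.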
@@ -241,6 +241,29 @@ . ./acceptance/bugzilla/jss-bugs/bug-1133718.sh . ./acceptance/bugzilla/jss-bugs/bug-1040640.sh . ./acceptance/bugzilla/pki-core-bugs/bug-790924.sh +. ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli.sh +. ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-find.sh +. ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-run.sh +. ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-cli-show.sh +. ./acceptance/cli-tests/pki-ca-selftest-cli/pki-ca-selftest-admin.sh +. ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-find.sh +. ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-run.sh +. ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli-show.sh +. ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-cli.sh +. ./acceptance/cli-tests/pki-kra-selftest-cli/pki-kra-selftest-admin.sh +. ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-find.sh +. ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-run.sh +. ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli-show.sh +. ./acceptance/cli-tests/pki-ocsp-selftest-cli/pki-ocsp-selftest-cli.sh +. ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-find.sh +. ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-run.sh +. ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli-show.sh +. ./acceptance/cli-tests/pki-tks-selftest-cli/pki-tks-selftest-cli.sh +. ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-find.sh +. ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-run.sh +. ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli-show.sh +. ./acceptance/cli-tests/pki-tps-selftest-cli/pki-tps-selftest-cli.sh + # Make sure TESTORDER is initialized or multihost may have issues 
@@ -1838,6 +1861,179 @@ rlJournalStart
 subsystemType=tps
 run_rhcs_tps_installer_tests $subsystemId $subsystemType $MYROLE
 fi
+ PKI_CA_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_CA_SELFTEST_CONFIG | tr [a-z] [A-Z])
+ if [ "$PKI_CA_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-selftest --help
+ run_pki-ca-selftest_tests
+ fi
+ PKI_CA_SELFTEST_FIND_UPPERCASE=$(echo $PKI_CA_SELFTEST_FIND | tr [a-z] [A-Z])
+ if [ "$PKI_CA_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-selftest-find
+ subsystemType=ca
+ run_pki-ca-selftest-find_tests $subsystemType $MYROLE
+ fi
+ PKI_CA_SELFTEST_RUN_UPPERCASE=$(echo $PKI_CA_SELFTEST_RUN | tr [a-z] [A-Z])
+ if [ "$PKI_CA_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-selftest-run
+ subsystemType=ca
+ run_pki-ca-selftest-run_tests $subsystemType $MYROLE
+ fi
+ PKI_CA_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_CA_SELFTEST_SHOW | tr [a-z] [A-Z])
+ if [ "$PKI_CA_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-selftest-show
+ subsystemType=ca
+ run_pki-ca-selftest-show_tests $subsystemType $MYROLE
+ fi
+ PKI_CA_SELFTEST_ADMIN_UPPERCASE=$(echo $PKI_CA_SELFTEST_ADMIN | tr [a-z] [A-Z])
+ if [ "$PKI_CA_SELFTEST_ADMIN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-selftest admin
+ subsystemType=ca
+ run_pki-ca-selftest-admin_tests $subsystemType $MYROLE
+ fi
+ PKI_KRA_SELFTEST_FIND_UPPERCASE=$(echo $PKI_KRA_SELFTEST_FIND | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki kra-selftest-find
+ subsystemType=kra
+ run_pki-kra-selftest-find_tests $subsystemType $MYROLE
+ fi
+ PKI_KRA_SELFTEST_RUN_UPPERCASE=$(echo $PKI_KRA_SELFTEST_RUN | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki kra-selftest-run
+ subsystemType=kra
+ run_pki-kra-selftest-run_tests $subsystemType $MYROLE
+ fi
+ PKI_KRA_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_KRA_SELFTEST_SHOW | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki kra-selftest-show
+ subsystemType=kra
+ run_pki-kra-selftest-show_tests $subsystemType $MYROLE
+ fi
+ PKI_KRA_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_KRA_SELFTEST_CONFIG | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki kra-selftest --help
+ run_pki-kra-selftest_tests
+ fi
+ PKI_KRA_SELFTEST_ADMIN_UPPERCASE=$(echo $PKI_KRA_SELFTEST_ADMIN | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_SELFTEST_ADMIN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki kra-selftest admin
+ subsystemType=kra
+ run_pki-kra-selftest-admin_tests $subsystemType $MYROLE
+ fi
+ PKI_OCSP_SELFTEST_FIND_UPPERCASE=$(echo $PKI_OCSP_SELFTEST_FIND | tr [a-z] [A-Z])
+ if [ "$PKI_OCSP_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ocsp-selftest-find
+ subsystemType=ocsp
+ run_pki-ocsp-selftest-find_tests $subsystemType $MYROLE
+ fi
+ PKI_OCSP_SELFTEST_RUN_UPPERCASE=$(echo $PKI_OCSP_SELFTEST_RUN | tr [a-z] [A-Z])
+ if [ "$PKI_OCSP_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ocsp-selftest-run
+ subsystemType=ocsp
+ run_pki-ocsp-selftest-run_tests $subsystemType $MYROLE
+ fi
+ PKI_OCSP_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_OCSP_SELFTEST_SHOW | tr [a-z] [A-Z])
+ if [ "$PKI_OCSP_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ocsp-selftest-show
+ subsystemType=ocsp
+
+ run_pki-ocsp-selftest-show_tests $subsystemType $MYROLE
+ fi
+ PKI_OCSP_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_OCSP_SELFTEST_CONFIG | tr [a-z] [A-Z])
+ if [ "$PKI_OCSP_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ocsp-selftest --help
+ run_pki-ocsp-selftest_tests
+ fi
+ PKI_TKS_SELFTEST_FIND_UPPERCASE=$(echo $PKI_TKS_SELFTEST_FIND | tr [a-z] [A-Z])
+ if [ "$PKI_TKS_SELFTEST_FIND_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tks-selftest-find
+ subsystemType=tks
+ run_pki-tks-selftest-find_tests $subsystemType $MYROLE
+ fi
+ PKI_TKS_SELFTEST_RUN_UPPERCASE=$(echo $PKI_TKS_SELFTEST_RUN | tr [a-z] [A-Z])
+ if [ "$PKI_TKS_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tks-selftest-run
+ subsystemType=tks
+ run_pki-tks-selftest-run_tests $subsystemType $MYROLE
+ fi
+ PKI_TKS_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_TKS_SELFTEST_SHOW | tr [a-z] [A-Z])
+ if [ "$PKI_TKS_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tks-selftest-show
+ subsystemType=tks
+ run_pki-tks-selftest-show_tests $subsystemType $MYROLE
+ fi
+ PKI_TKS_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_TKS_SELFTEST_CONFIG | tr [a-z] [A-Z])
+ if [ "$PKI_TKS_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tks-selftest --help
+ run_pki-tks-selftest_tests
+ fi
+ PKI_TPS_SELFTEST_RUN_UPPERCASE=$(echo $PKI_TPS_SELFTEST_RUN | tr [a-z] [A-Z])
+ if [ "$PKI_TPS_SELFTEST_RUN_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tps-selftest-run
+ subsystemType=tps
+ run_pki-tps-selftest-run_tests $subsystemType $MYROLE
+ fi
+ PKI_TPS_SELFTEST_SHOW_UPPERCASE=$(echo $PKI_TPS_SELFTEST_SHOW | tr [a-z] [A-Z])
+ if [ "$PKI_TPS_SELFTEST_SHOW_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tps-selftest-show
+ subsystemType=tps
+ run_pki-tps-selftest-show_tests $subsystemType $MYROLE
+ fi
+ PKI_TPS_SELFTEST_CONFIG_UPPERCASE=$(echo $PKI_TPS_SELFTEST_CONFIG | tr [a-z] [A-Z])
+ if [ "$PKI_TPS_SELFTEST_CONFIG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki tps-selftest --help
+ run_pki-tps-selftest_tests
+ fi
+ #############CA Selftests###################
+ PKI_CA_SELFTESTS_UPPERCASE=$(echo $PKI_CA_SELFTESTS | tr [a-z] [A-Z])
+ if [ "$PKI_CA_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute all ca selftest cli's
+ subsystemType=ca
+ run_pki-ca-selftest_tests
+ run_pki-ca-selftest-find_tests $subsystemType $MYROLE
+ run_pki-ca-selftest-run_tests $subsystemType $MYROLE
+ run_pki-ca-selftest-show_tests $subsystemType $MYROLE
+ fi
+ #############KRA Selftests###################
+ PKI_KRA_SELFTESTS_UPPERCASE=$(echo $PKI_KRA_SELFTESTS | tr [a-z] [A-Z])
+ if [ "$PKI_KRA_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute all kra selftest cli's
+ subsystemType=kra
+ run_pki-kra-selftest_tests
+ run_pki-kra-selftest-find_tests $subsystemType $MYROLE
+ run_pki-kra-selftest-run_tests $subsystemType $MYROLE
+ run_pki-kra-selftest-show_tests $subsystemType $MYROLE
+ run_pki-kra-selftest-admin_tests $subsystemType $MYROLE
+ fi
+ #############OCSP Selftests###################
+ PKI_OCSP_SELFTESTS_UPPERCASE=$(echo $PKI_OCSP_SELFTESTS | tr [a-z] [A-Z])
+ if [ "$PKI_OCSP_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute all ocsp selftest cli's
+ subsystemType=ocsp
+ run_pki-ocsp-selftest_tests
+ run_pki-ocsp-selftest-find_tests $subsystemType $MYROLE
+ run_pki-ocsp-selftest-run_tests $subsystemType $MYROLE
+ run_pki-ocsp-selftest-show_tests $subsystemType $MYROLE
+ fi
+ #############TKS Selftests###################
+ PKI_TKS_SELFTESTS_UPPERCASE=$(echo $PKI_TKS_SELFTESTS | tr [a-z] [A-Z])
+ if [ "$PKI_TKS_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute all tks selftest cli's
+ subsystemType=tks
+ run_pki-tks-selftest_tests
+ run_pki-tks-selftest-find_tests $subsystemType $MYROLE
+ run_pki-tks-selftest-run_tests $subsystemType $MYROLE
+ run_pki-tks-selftest-show_tests $subsystemType $MYROLE
+ fi
+ #############TPS Selftests###################
+ PKI_TPS_SELFTESTS_UPPERCASE=$(echo $PKI_TPS_SELFTESTS | tr [a-z] [A-Z])
+ if [ "$PKI_TPS_SELFTESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute all tps selftest cli's
+ subsystemType=tps
+ run_pki-tps-selftest_tests
+ run_pki-tps-selftest-find_tests $subsystemType $MYROLE
+ run_pki-tps-selftest-run_tests $subsystemType $MYROLE
+ run_pki-tps-selftest-show_tests $subsystemType $MYROLE
+ fi
 rlPhaseEnd
 ######## DEV UNIT TESTS ############
 DEV_JAVA_TESTS_UPPERCASE=$(echo $DEV_JAVA_TESTS | tr [a-z] [A-Z])
-- cgit
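Review bot: With `TEST_ALL_UPPERCASE` set to TRUE every selftest suite added in this runtest.sh hunk runs twice, because the per-command blocks and the grouped `PKI_*_SELFTESTS` blocks at the end both carry `|| [ "$TEST_ALL_UPPERCASE" = "TRUE" ]`. A second pass is not harmless: the tps-selftest-show phases earlier in this patch step the system clock with chronyc and restore it only if every step succeeds. Dropping the TEST_ALL clause from the grouped blocks, e.g. `if [ "$PKI_CA_SELFTESTS_UPPERCASE" = "TRUE" ]; then`, keeps one run per suite. The toggles are also uneven: there is no `PKI_TPS_SELFTEST_FIND` block although the other four subsystems have one, and the grouped CA block omits `run_pki-ca-selftest-admin_tests` while the KRA group includes its admin suite. The phase under `rlJournalStart` that these blocks join begins outside the hunk.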