From ea3e179baf473b159942cdc0246226c4561fb754 Mon Sep 17 00:00:00 2001 From: Roshni Pattath Date: Wed, 3 Dec 2014 22:22:02 -0500 Subject: RHEL 7.1 bug verification automation --- tests/dogtag/acceptance/bugzilla/bug_setup.sh | 245 +++++++++++++++++++++ tests/dogtag/acceptance/bugzilla/bug_uninstall.sh | 66 ++++++ .../acceptance/bugzilla/jss-bugs/bug-1040640.sh | 82 +++++++ .../acceptance/bugzilla/jss-bugs/bug-1133718.sh | 76 +++++++ .../bugzilla/pki-core-bugs/bug-790924.sh | 133 +++++++++++ .../bugzilla/tomcatjss-bugs/bug-1058366.sh | 92 ++++++++ .../bugzilla/tomcatjss-bugs/bug-1084224.sh | 233 ++++++++++++++++++++ 7 files changed, 927 insertions(+) create mode 100755 tests/dogtag/acceptance/bugzilla/bug_setup.sh create mode 100755 tests/dogtag/acceptance/bugzilla/bug_uninstall.sh create mode 100755 tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1040640.sh create mode 100755 tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1133718.sh create mode 100755 tests/dogtag/acceptance/bugzilla/pki-core-bugs/bug-790924.sh create mode 100755 tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh create mode 100755 tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh (limited to 'tests')
diff --git a/tests/dogtag/acceptance/bugzilla/bug_setup.sh b/tests/dogtag/acceptance/bugzilla/bug_setup.sh
new file mode 100755
index 000000000..d4bd1aa62
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/bug_setup.sh
@@ -0,0 +1,245 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/
+# Description: CS-backup-bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+BUGCA_LDAP_PORT="1801"
+BUGCA_LDAP_INSTANCE_NAME="pki-ca-bug"
+BUGCA_LDAP_DB_SUFFIX="dc=pki-ca"
+BUGCA_SUBSYSTEM_NAME="BUGCA"
+BUGCA_INSTANCE_CFG="/tmp/bugca_instance.inf"
+BUGCA_INSTANCE_OUT="/tmp/bugca_instance_create.out"
+BUGKRA_INSTANCE_CFG="/tmp/bugkra_instance.inf"
+BUGKRA_INSTANCE_OUT="/tmp/bugkra_instance_create.out"
+BUGOCSP_INSTANCE_CFG="/tmp/bugocsp_instance.inf"
+BUGOCSP_INSTANCE_OUT="/tmp/bugocsp_instance_create.out"
+BUGTKS_INSTANCE_CFG="/tmp/bugtks_instance.inf"
+BUGTKS_INSTANCE_OUT="/tmp/bugtks_instance_create.out"
+BUGCA_TOMCAT_INSTANCE_NAME="pki-ca-bug"
+BUGCA_ADMIN_PASSWORD="Secret123"
+BUGCA_CLIENT_PKCS12_PASSWORD="Secret123"
+BUGCA_HTTP_PORT="30051"
+BUGCA_HTTPS_PORT="30050"
+BUGCA_TOMCAT_SERVER_PORT="30052"
+BUGCA_SEC_DOMAIN_HTTPS_PORT="30050"
+BUGCA_SEC_DOMAIN_PASSWORD="Secret123"
+BUG_LDAP_ROOTDN="cn=Directory Manager"
+BUG_LDAP_ROOTDNPWD="Secret123"
+BUGKRA_LDAP_PORT="1802"
+BUGKRA_LDAP_INSTANCE_NAME="pki-kra-bug"
+BUGKRA_LDAP_DB_SUFFIX="dc=pki-kra"
+BUGKRA_SUBSYSTEM_NAME="BUGKRA"
+BUGKRA_PKI_CLIENT_DATABASE_PASSWORD="Secret123"
+BUGKRA_PKI_SECURITY_DOMAIN_USER="caadmin"
+BUGOCSP_LDAP_PORT="1803"
+BUGOCSP_LDAP_INSTANCE_NAME="pki-ocsp-bug"
+BUGOCSP_LDAP_DB_SUFFIX="dc=pki-ocsp"
+BUGOCSP_SUBSYSTEM_NAME="BUGOCSP"
+BUGOCSP_PKI_CLIENT_DATABASE_PASSWORD="Secret123"
+BUGOCSP_PKI_SECURITY_DOMAIN_USER="caadmin"
+BUGTKS_LDAP_PORT="1804"
+BUGTKS_LDAP_INSTANCE_NAME="pki-tks-bug"
+BUGTKS_LDAP_DB_SUFFIX="dc=pki-tks"
+BUGTKS_SUBSYSTEM_NAME="BUGTKS"
+BUGTKS_PKI_CLIENT_DATABASE_PASSWORD="Secret123"
+BUGTKS_PKI_SECURITY_DOMAIN_USER="caadmin"
+BUGCA_CERTDB_DIR="/opt/bugsecdb/bugcerts_db"
+BUGCA_CERTDB_DIR_PASSWORD="Secret123"
+BUGCA_CLIENT_DB_PURGE=True
+BUGCA_CLIENT_DIR="/opt/bugsecdb"
+BUGCA_ADMIN_CERT_NICKNAME="bugcaadmincert"
+BUGCA_ADMIN_IMPORT_CERT=False
+BUGCA_BACKUP=True
+BUGCA_BACKUP_PASSWORD="Secret123"
+BUGKRA_ADMIN_CERT_NICKNAME="bugkraadmincert"
+BUGKRA_ADMIN_IMPORT_CERT=True
+BUGOCSP_ADMIN_CERT_NICKNAME="bugocspadmincert"
+BUGOCSP_ADMIN_CERT_NICKNAME="bugtksadmincert"
+run_bug_verification_setup(){
+
+ rlPhaseStartTest "Setting up instance for bug verification"
+
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1061442"
+ cat /etc/redhat-release | grep "Fedora"
+ if [ $? -eq 0 ] ; then
+ FLAVOR="Fedora"
+ rlLog "Automation is running against Fedora"
+ else
+ FLAVOR="RHEL"
+ rlLog "Automation is running against RHEL"
+ fi
+ rhcs_install_set_ldap_vars
+ #rlRun "mkdir $BUGCA_CERTDB_DIR"
+ rlRun "rhds_install $BUGCA_LDAP_PORT $BUGCA_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGCA_LDAP_DB_SUFFIX $BUGCA_SUBSYSTEM_NAME"
+ echo "[DEFAULT]" > $BUGCA_INSTANCE_CFG
+ echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGCA_INSTANCE_CFG
+ echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_database=$BUGCA_LDAP_INSTANCE_NAME" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_ldap_port=$BUGCA_LDAP_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_base_dn=$BUGCA_LDAP_DB_SUFFIX" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_admin_nickname=$BUGCA_ADMIN_CERT_NICKNAME" >> $BUGCA_INSTANCE_CFG
+ echo "pki_import_admin_cert=$BUGCA_ADMIN_IMPORT_CERT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_dir=$BUGCA_CLIENT_DIR" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_admin_cert_p12=$BUGCA_CLIENT_DIR/$BUGCA_ADMIN_CERT_NICKNAME.p12" >> $BUGCA_INSTANCE_CFG
+ echo "pki_backup_keys=$BUGCA_BACKUP" >> $BUGCA_INSTANCE_CFG
+ echo "pki_backup_password=$BUGCA_BACKUP_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_database_dir=$BUGCA_CERTDB_DIR" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGCA_CERTDB_DIR_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_database_purge=$BUGCA_CLIENT_DB_PURGE" >> $BUGCA_INSTANCE_CFG
+ rlRun "pkispawn -s CA -v -f $BUGCA_INSTANCE_CFG > $BUGCA_INSTANCE_OUT"
+ rlRun "sleep 10"
+ BUGCA_SERVER_ROOT="/var/lib/pki/$BUGCA_TOMCAT_INSTANCE_NAME/ca"
+ rlRun "install_and_trust_CA_cert $BUGCA_SERVER_ROOT $BUGCA_CERTDB_DIR"
+
+ # Create a KRA instance
+
+ rlRun "rhds_install $BUGKRA_LDAP_PORT $BUGKRA_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGKRA_LDAP_DB_SUFFIX $BUGKRA_SUBSYSTEM_NAME"
+ echo "[DEFAULT]" > $BUGKRA_INSTANCE_CFG
+ echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_ds_database=$BUGKRA_LDAP_INSTANCE_NAME" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_ds_ldap_port=$BUGKRA_LDAP_PORT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_ds_base_dn=$BUGKRA_LDAP_DB_SUFFIX" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_security_domain_hostname=$MASTER" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_security_domain_user=$BUGKRA_PKI_SECURITY_DOMAIN_USER" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGKRA_PKI_CLIENT_DATABASE_PASSWORD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_admin_nickname=$BUGKRA_ADMIN_CERT_NICKNAME" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_import_admin_cert=$BUGKRA_ADMIN_IMPORT_CERT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_dir=$BUGCA_CLIENT_DIR" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_admin_cert_p12=$BUGCA_CLIENT_DIR/$BUGKRA_ADMIN_CERT_NICKNAME.p12" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_backup_keys=$BUGCA_BACKUP" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_backup_password=$BUGCA_BACKUP_PASSWORD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_database_dir=$BUGCA_CERTDB_DIR" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGCA_CERTDB_DIR_PASSWORD" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_client_database_purge=$BUGCA_CLIENT_DB_PURGE" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_issuing_ca_hostname=$MASTER" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_issuing_ca_https_port=$BUGCA_HTTPS_PORT" >> $BUGKRA_INSTANCE_CFG
+ echo "pki_issuing_ca_uri=https://$MASTER:$BUGCA_HTTPS_PORT" >> $BUGKRA_INSTANCE_CFG
+ rlRun "pkispawn -s KRA -v -f $BUGKRA_INSTANCE_CFG > $BUGKRA_INSTANCE_OUT"
+ rlRun "sleep 10"
+
+ # Create a OCSP instance
+
+ rlRun "rhds_install $BUGOCSP_LDAP_PORT $BUGOCSP_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGOCSP_LDAP_DB_SUFFIX $BUGOCSP_SUBSYSTEM_NAME"
+ echo "[DEFAULT]" > $BUGOCSP_INSTANCE_CFG
+ echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_ds_database=$BUGOCSP_LDAP_INSTANCE_NAME" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_ds_ldap_port=$BUGOCSP_LDAP_PORT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_ds_base_dn=$BUGOCSP_LDAP_DB_SUFFIX" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_security_domain_hostname=$MASTER" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_security_domain_user=$BUGOCSP_PKI_SECURITY_DOMAIN_USER" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGOCSP_PKI_CLIENT_DATABASE_PASSWORD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_admin_nickname=$BUGOCSP_ADMIN_CERT_NICKNAME" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_import_admin_cert=$BUGKRA_ADMIN_IMPORT_CERT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_dir=$BUGCA_CLIENT_DIR" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_admin_cert_p12=$BUGCA_CLIENT_DIR/$BUGOCSP_ADMIN_CERT_NICKNAME.p12" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_backup_keys=$BUGCA_BACKUP" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_backup_password=$BUGCA_BACKUP_PASSWORD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_database_dir=$BUGCA_CERTDB_DIR" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGCA_CERTDB_DIR_PASSWORD" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_client_database_purge=$BUGCA_CLIENT_DB_PURGE" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_issuing_ca_hostname=$MASTER" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_issuing_ca_https_port=$BUGCA_HTTPS_PORT" >> $BUGOCSP_INSTANCE_CFG
+ echo "pki_issuing_ca_uri=https://$MASTER:$BUGCA_HTTPS_PORT" >> $BUGOCSP_INSTANCE_CFG
+ rlRun "pkispawn -s OCSP -v -f $BUGOCSP_INSTANCE_CFG > $BUGOCSP_INSTANCE_OUT"
+ rlRun "sleep 10"
+
+ # Create a TKS instance
+
+ rlRun "rhds_install $BUGTKS_LDAP_PORT $BUGTKS_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGTKS_LDAP_DB_SUFFIX $BUGTKS_SUBSYSTEM_NAME"
+ echo "[DEFAULT]" > $BUGTKS_INSTANCE_CFG
+ echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_ds_database=$BUGTKS_LDAP_INSTANCE_NAME" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_ds_ldap_port=$BUGTKS_LDAP_PORT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_ds_base_dn=$BUGTKS_LDAP_DB_SUFFIX" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_security_domain_hostname=$MASTER" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_security_domain_user=$BUGTKS_PKI_SECURITY_DOMAIN_USER" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGTKS_PKI_CLIENT_DATABASE_PASSWORD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_admin_nickname=$BUGTKS_ADMIN_CERT_NICKNAME" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_import_admin_cert=$BUGKRA_ADMIN_IMPORT_CERT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_dir=$BUGCA_CLIENT_DIR" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_admin_cert_p12=$BUGCA_CLIENT_DIR/$BUGTKS_ADMIN_CERT_NICKNAME.p12" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_backup_keys=$BUGCA_BACKUP" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_backup_password=$BUGCA_BACKUP_PASSWORD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_database_dir=$BUGCA_CERTDB_DIR" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGCA_CERTDB_DIR_PASSWORD" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_client_database_purge=$BUGCA_CLIENT_DB_PURGE" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_issuing_ca_hostname=$MASTER" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_issuing_ca_https_port=$BUGCA_HTTPS_PORT" >> $BUGTKS_INSTANCE_CFG
+ echo "pki_issuing_ca_uri=https://$MASTER:$BUGCA_HTTPS_PORT" >> $BUGTKS_INSTANCE_CFG
+ rlRun "pkispawn -s TKS -v -f $BUGTKS_INSTANCE_CFG > $BUGTKS_INSTANCE_OUT"
+ rlRun "sleep 10"
+ rlPhaseEnd
+
+}
diff --git a/tests/dogtag/acceptance/bugzilla/bug_uninstall.sh b/tests/dogtag/acceptance/bugzilla/bug_uninstall.sh
new file mode 100755
index 000000000..9d40c695b
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/bug_uninstall.sh
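Review bot: The globals block assigns `BUGOCSP_ADMIN_CERT_NICKNAME` twice (`"bugocspadmincert"`, then `"bugtksadmincert"`) and never sets `BUGTKS_ADMIN_CERT_NICKNAME`, so the OCSP config ends up with the TKS nickname and, unless a sourced file defines the variable, the TKS config gets an empty `pki_admin_nickname=` and `pki_client_admin_cert_p12=/opt/bugsecdb/.p12`; the second assignment should read `BUGTKS_ADMIN_CERT_NICKNAME="bugtksadmincert"`. Separately, the four `*_instance.inf` files hold the admin, directory-manager, PKCS#12 and backup passwords and are written to fixed names under `/tmp` with whatever umask the caller has; creating them with `mktemp` under `umask 077` and deleting them once `pkispawn` returns keeps those values away from other local accounts on the test host. `pki_client_database_password` is also written twice into the KRA, OCSP and TKS files from two different variables, so one of the two lines should go.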
@@ -0,0 +1,66 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/
+# Description: 1058366 bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_bug-uninstall(){
+
+ rlPhaseStartTest "Bug verification - uninstall instances"
+ rlRun "pkidestroy -s TKS -i pki-ca-bug"
+ rlRun "sleep 10"
+ rlRun "pkidestroy -s OCSP -i pki-ca-bug"
+ rlRun "sleep 10"
+ rlRun "pkidestroy -s KRA -i pki-ca-bug"
+ rlRun "sleep 10"
+ rlRun "pkidestroy -s CA -i pki-ca-bug"
+ rlRun "sleep 10"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-bug"
+ rlRun "sleep 10"
+ rlRun "remove-ds.pl -f -i slapd-pki-kra-bug"
+ rlRun "sleep 10"
+ rlRun "remove-ds.pl -f -i slapd-pki-ocsp-bug"
+ rlRun "sleep 10"
+ rlRun "remove-ds.pl -f -i slapd-pki-tks-bug"
+ rlRun "sleep 10"
+ rlRun "rm -rf $BUGCA_CERTDB_DIR"
+ rlPhaseEnd
+
+}
diff --git a/tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1040640.sh b/tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1040640.sh
new file mode 100755
index 000000000..eca9de24c
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1040640.sh
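Review bot: `rlRun "rm -rf $BUGCA_CERTDB_DIR"` at the end of `run_bug-uninstall` relies on a variable this file never assigns; it is set in bug_setup.sh, which is not sourced here, so unless env.sh or the caller provides it the command collapses to a bare `rm -rf`, which exits 0, removes nothing and still lets the phase pass. Check and quote the value first, e.g. `rlRun "rm -rf -- \"${BUGCA_CERTDB_DIR:?BUGCA_CERTDB_DIR is not set}\""`. The teardown also leaves behind what the setup script wrote outside that directory: the `/tmp/bug*_instance.inf` files containing the instance passwords and the admin `.p12` files under `/opt/bugsecdb`, which should be removed here as well. The hyphen in the function name is accepted by bash but is not a valid POSIX function name; `run_bug_uninstall` would match `run_bug_verification_setup` in the setup script.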
@@ -0,0 +1,82 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/jss-bugs
+# Description: 1040640 bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#bug_setup.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_bug-1040640-verification(){
+
+ rlPhaseStartTest "Bug 1040640 - Incorrect OIDs for SHA2 algorithms"
+ BUGCA_DOMAIN=`hostname -d`
+ pkcs10_cert_req_old="$BUGCA_CERTDB_DIR/certReq.p10"
+ pkcs10_cert_req_out_old="$BUGCA_CERTDB_DIR/certReq.p10.cmc"
+ cmc_conf_file_old="$BUGCA_CERTDB_DIR/p10cmc.conf"
+ http_client_rsa_conf_old="$BUGCA_CERTDB_DIR/HttpClientRSA.cfg"
+ http_client_out_old="$BUGCA_CERTDB_DIR/certReq.p10.cmc.response"
+ asn1_out_old="$BUGCA_CERTDB_DIR/asn1.out"
+ rlRun "PKCS10Client -d $BUGCA_CERTDB_DIR -p $BUGCA_CERTDB_DIR_PASSWORD -o $pkcs10_cert_req_old -n \"CN=test1\" -a rsa -l 2048"
+ echo "numRequests=1" >> $cmc_conf_file_old
+ echo "input=$pkcs10_cert_req_old" >> $cmc_conf_file_old
+ echo "output=$pkcs10_cert_req_out_old" >> $cmc_conf_file_old
+ echo "nickname=PKI Administrator for $BUGCA_DOMAIN" >> $cmc_conf_file_old
+ echo "dbdir=$BUGCA_CERTDB_DIR" >> $cmc_conf_file_old
+ echo "password=Secret123" >> $cmc_conf_file_old
+ echo "format=pkcs10" >> $cmc_conf_file_old
+ rlRun "CMCRequest $cmc_conf_file_old"
+ rlRun "sleep 10"
+ echo "host=$MASTER" >> $http_client_rsa_conf_old
+ echo "port=$BUGCA_HTTP_PORT" >> $http_client_rsa_conf_old
+ echo "secure=false" >> $http_client_rsa_conf_old
+ echo "input=$pkcs10_cert_req_out_old" >> $http_client_rsa_conf_old
+ echo "output=$http_client_out_old" >> $http_client_rsa_conf_old
+ echo "dbdir=$BUGCA_CERTDB_DIR" >> $http_client_rsa_conf_old
+ echo "clientmode=false" >> $http_client_rsa_conf_old
+ echo "password=Secret123" >> $http_client_rsa_conf_old
+ echo "nickname=PKI Administrator for $BUGCA_DOMAIN" >> $http_client_rsa_conf_old
+ echo "servlet=/ca/ee/ca/profileSubmitCMCFull" >> $http_client_rsa_conf_old
+ rlRun "HttpClient $http_client_rsa_conf_old"
+ rlRun "sleep 10"
+ rlRun "yum -y install dumpasn1"
+ rlRun "dumpasn1 $http_client_out_old > $asn1_out_old"
+ rlAssertNotGrep "2 16 840 1 101 3 4 1" "$asn1_out_old"
+ rlAssertGrep "2 16 840 1 101 3 4 2 1" "$asn1_out_old"
+ rlPhaseEnd
+
+}
diff --git a/tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1133718.sh b/tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1133718.sh
new file mode 100755
index 000000000..818c8cd0e
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/jss-bugs/bug-1133718.sh
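Review bot: Both generated config files, `$cmc_conf_file_old` and `$http_client_rsa_conf_old`, are built with `>>` only, so a second run against the same `$BUGCA_CERTDB_DIR` appends a duplicate set of keys to the files the first run left; the first line of each should truncate, `echo "numRequests=1" > $cmc_conf_file_old` and `echo "host=$MASTER" > $http_client_rsa_conf_old`. The two `password=Secret123` lines repeat the literal even though the `PKCS10Client` call above already passes `$BUGCA_CERTDB_DIR_PASSWORD` for the same database, so the values can drift apart; use the variable in both places. The CMC request goes to the HTTP port with `secure=false`; if plain HTTP is intended for this check, a one-line comment saying so would save the next reader the question.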
@@ -0,0 +1,76 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/jss-bugs
+# Description: 1058366 bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#bug_setup.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_bug-1133718-verification(){
+
+ rlPhaseStartTest "Bug 1133718 - Key strength validation is not performed for RC4 algorithm"
+ BUGCA_DOMAIN=`hostname -d`
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1133718"
+ rlLog "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test --key-algorithm RC4 --key-size -1"
+ rlRun "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test --key-algorithm RC4 --key-size -1 > /tmp/kra-key-generate001.out 2>&1" 255 "KRA key generate using key size -1"
+ rlRun "sleep 10"
+ rlAssertGrep "BadRequestException: Invalid key size for this algorithm" "/tmp/kra-key-generate001.out"
+ rlRun "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test --key-algorithm RC4 --key-size 39 > /tmp/kra-key-generate002.out 2>&1" 255 "KRA key generate using key size 39"
+ rlRun "sleep 10"
+ rlAssertGrep "BadRequestException: Invalid key size for this algorithm" "/tmp/kra-key-generate002.out"
+ rlRun "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test --key-algorithm RC4 --key-size 2049 > /tmp/kra-key-generate003.out 2>&1" 255 "KRA key generate using key size 2049"
+ rlRun "sleep 10"
+ rlAssertGrep "BadRequestException: Invalid key size for this algorithm" "/tmp/kra-key-generate003.out"
+ rlRun "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test --key-algorithm RC4 --key-size 40 > /tmp/kra-key-generate004.out 2>&1" 0 "KRA key generate using key size 40"
+ rlRun "sleep 10"
+ rlAssertGrep "Key generation request info" "/tmp/kra-key-generate004.out"
+ rlAssertGrep "Type: symkeyGenRequest" "/tmp/kra-key-generate004.out"
+ rlAssertGrep "Status: complete" "/tmp/kra-key-generate004.out"
+ rlRun "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test1 --key-algorithm RC4 --key-size 100 > /tmp/kra-key-generate005.out 2>&1" 0 "KRA key generate using key size 100"
+ rlRun "sleep 10"
+ rlAssertGrep "Key generation request info" "/tmp/kra-key-generate005.out"
+ rlAssertGrep "Type: symkeyGenRequest" "/tmp/kra-key-generate005.out"
+ rlAssertGrep "Status: complete" "/tmp/kra-key-generate005.out"
+ rlRun "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD -n \"PKI Administrator for $BUGCA_DOMAIN\" -h $MASTER -p $BUGCA_HTTP_PORT key-generate test2 --key-algorithm RC4 --key-size 2048 > /tmp/kra-key-generate006.out 2>&1" 0 "KRA key generate using key size 2048"
+ rlRun "sleep 10"
+ rlAssertGrep "Key generation request info" "/tmp/kra-key-generate006.out"
+ rlAssertGrep "Type: symkeyGenRequest" "/tmp/kra-key-generate006.out"
+ rlAssertGrep "Status: complete" "/tmp/kra-key-generate006.out"
+ rlPhaseEnd
+
+}
diff --git a/tests/dogtag/acceptance/bugzilla/pki-core-bugs/bug-790924.sh b/tests/dogtag/acceptance/bugzilla/pki-core-bugs/bug-790924.sh
new file mode 100755
index 000000000..06ea47204
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/pki-core-bugs/bug-790924.sh
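Review bot: The `rlLog "pki -d $BUGCA_CERTDB_DIR -c $BUGCA_CERTDB_DIR_PASSWORD ..."` line near the top of `run_bug-1133718-verification` expands the NSS database password into the test journal; log the command with a placeholder instead, e.g. `-c <password>`, so the credential does not end up in uploaded logs. The six result files use fixed names `/tmp/kra-key-generate00N.out` in a world-writable directory and are never removed; a per-run directory from `mktemp -d`, deleted at phase end, avoids collisions with files another account already owns there. The header comment still reads `Description: 1058366 bug verification` and should name 1133718.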
@@ -0,0 +1,133 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/
+# Description: CS-backup-bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+BUGCA_LDAP_PORT="1801"
+BUGCA_LDAP_INSTANCE_NAME="pki-ca-bug"
+BUGCA_LDAP_DB_SUFFIX="dc=pki-ca"
+BUGCA_SUBSYSTEM_NAME="BUGCA"
+BUGCA_INSTANCE_CFG="/tmp/bugca_instance.inf"
+BUGCA_INSTANCE_OUT="/tmp/bugca_instance_create.out"
+BUGCA_TOMCAT_INSTANCE_NAME="pki-ca-bug"
+BUGCA_ADMIN_PASSWORD="Secret123"
+BUGCA_CLIENT_PKCS12_PASSWORD="Secret123"
+BUGCA_HTTP_PORT="30051"
+BUGCA_HTTPS_PORT="30050"
+BUGCA_TOMCAT_SERVER_PORT="30052"
+BUGCA_SEC_DOMAIN_HTTPS_PORT="30050"
+BUGCA_SEC_DOMAIN_PASSWORD="Secret123"
+BUG_LDAP_ROOTDN="cn=Directory Manager"
+BUG_LDAP_ROOTDNPWD="Secret123"
+BUGCA_CERTDB_DIR="/opt/bugsecdb/bugcerts_db"
+BUGCA_CERTDB_DIR_PASSWORD="Secret123"
+BUGCA_CLIENT_DB_PURGE=True
+BUGCA_CLIENT_DIR="/opt/bugsecdb"
+BUGCA_ADMIN_CERT_NICKNAME="bugcaadmincert"
+BUGCA_ADMIN_IMPORT_CERT=False
+BUGCA_BACKUP=True
+BUGCA_BACKUP_PASSWORD="Secret123"
+BUGCA_SIGNING_CERT_SUBJECT_NAME="CN=PKI EXTCA Signing Cert,O=redhat"
+run_bug_790924(){
+
+ rlPhaseStartTest "Bug 790924 - pkispawn configuration does not provide CA extensions in subordinate certificate signing requests CSR"
+
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=790924"
+ COMMON_SERVER_PACKAGES="bind expect pki-console xmlstarlet dos2unix"
+ RHELRHCS_PACKAGES="pki-base pki-server pki-tools pki-symkey pki-javadoc pki-ca"
+ cat /etc/redhat-release | grep "Fedora"
+ if [ $? -eq 0 ] ; then
+ FLAVOR="Fedora"
+ rlLog "Automation is running against Fedora"
+ else
+ FLAVOR="RHEL"
+ rlLog "Automation is running against RHEL"
+ yum clean all
+ yum -y update
+ #CA install
+ rc=0
+ rlLog "CA instance will be installed on $HOSTNAME"
+ rlLog "yum -y install $COMMON_SERVER_PACKAGES"
+ yum -y install $COMMON_SERVER_PACKAGES
+ rlLog "yum -y install $RHELRHCS_PACKAGES"
+ yum -y install $RHELRHCS_PACKAGES
+ fi
+ rhcs_install_set_ldap_vars
+ # Create DS instance
+ rlRun "rhds_install $BUGCA_LDAP_PORT $BUGCA_LDAP_INSTANCE_NAME \"$BUG_LDAP_ROOTDN\" $BUG_LDAP_ROOTDNPWD $BUGCA_LDAP_DB_SUFFIX $BUGCA_SUBSYSTEM_NAME"
+ # CA config parameters
+ echo "[DEFAULT]" > $BUGCA_INSTANCE_CFG
+ echo "pki_instance_name=$BUGCA_TOMCAT_INSTANCE_NAME" >> $BUGCA_INSTANCE_CFG
+ echo "pki_https_port=$BUGCA_HTTPS_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_http_port=$BUGCA_HTTP_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_tomcat_server_port=$BUGCA_TOMCAT_SERVER_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_admin_password=$BUGCA_ADMIN_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_pkcs12_password=$BUGCA_CLIENT_PKCS12_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_database=$BUGCA_LDAP_INSTANCE_NAME" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_ldap_port=$BUGCA_LDAP_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_base_dn=$BUGCA_LDAP_DB_SUFFIX" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_bind_dn=$BUG_LDAP_ROOTDN" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ds_password=$BUG_LDAP_ROOTDNPWD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_security_domain_https_port=$BUGCA_SEC_DOMAIN_HTTPS_PORT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_security_domain_password=$BUGCA_SEC_DOMAIN_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_admin_nickname=$BUGCA_ADMIN_CERT_NICKNAME" >> $BUGCA_INSTANCE_CFG
+ echo "pki_import_admin_cert=$BUGCA_ADMIN_IMPORT_CERT" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_dir=$BUGCA_CLIENT_DIR" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_admin_cert_p12=$BUGCA_CLIENT_DIR/$BUGCA_ADMIN_CERT_NICKNAME.p12" >> $BUGCA_INSTANCE_CFG
+ echo "pki_backup_keys=$BUGCA_BACKUP" >> $BUGCA_INSTANCE_CFG
+ echo "pki_backup_password=$BUGCA_BACKUP_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_database_dir=$BUGCA_CERTDB_DIR" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_database_password=$BUGCA_CERTDB_DIR_PASSWORD" >> $BUGCA_INSTANCE_CFG
+ echo "pki_client_database_purge=$BUGCA_CLIENT_DB_PURGE" >> $BUGCA_INSTANCE_CFG
+ echo "[CA]" >> $BUGCA_INSTANCE_CFG
+ echo "pki_external=True" >> $BUGCA_INSTANCE_CFG
+ echo "pki_external_csr_path=/tmp/ca_signing.csr" >> $BUGCA_INSTANCE_CFG
+ echo "pki_ca_signing_subject_dn=$BUGCA_SIGNING_CERT_SUBJECT_NAME" >> $BUGCA_INSTANCE_CFG
+ # Create CA instance
+ rlRun "pkispawn -s CA -f $BUGCA_INSTANCE_CFG > $BUGCA_INSTANCE_OUT"
+ rlRun "sleep 10"
+ rlAssertExists "/tmp/ca_signing.csr"
+ rlRun "pkidestroy -s CA -i pki-ca-bug"
+ rlRun "sleep 10"
+ rlRun "remove-ds.pl -f -i slapd-pki-ca-bug"
+ rlRun "sleep 10"
+
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh b/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
new file mode 100755
index 000000000..99a6f1f6a
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
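Review bot: `rlAssertExists "/tmp/ca_signing.csr"` only shows that some file sits at that path: the CSR is not removed before `pkispawn` or during the cleanup at the end of `run_bug_790924`, so a file left by an earlier run satisfies the assertion, and the CA extensions that the bug is about are never inspected. Add `rlRun "rm -f /tmp/ca_signing.csr"` ahead of the `pkispawn` call, then decode the request (for a PEM CSR, `openssl req -noout -text -in /tmp/ca_signing.csr`) and `rlAssertGrep` for the expected extension; which extension the bug requires is not visible in this hunk. In the RHEL branch `yum clean all`, `yum -y update` and both `yum -y install` calls run outside `rlRun`, so a failed install is not recorded until `pkispawn` breaks, and `rc=0` is never read. The cleanup also leaves `/tmp/bugca_instance.inf`, which contains the instance passwords, on disk.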
@@ -0,0 +1,92 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/
+# Description: 1058366 bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_bug-1058366-verification(){
+
+ rlPhaseStartTest "bug_1058366: NullPointerException in tomcatjss searching for attribute clientauth"
+ CA_HOST=$MASTER
+ CA_PORT=$(cat /tmp/bugca_instance.inf | grep pki_http_port | cut -d "=" -f2)
+ test1="test_screen"
+ ca_server_xml_file="/var/lib/pki/pki-ca-bug/conf/server.xml"
+ temp_file="$ca_server_xml_file.temp"
+ log_file="/tmp/log_messages"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1058366"
+ rlRun "systemctl stop pki-tomcatd@pki-ca-bug.service"
+ rlRun "sleep 10"
+ search_string1="clientAuth=\"want\""
+ search_string2="clientauth=\"want\""
+ search_string3="enableOCSP=\"false\""
+ replace_string3="enableOCSP=\"true\""
+ search_string4="ocspResponderURL=\"http://$MASTER:9080/ca/ocsp\""
+ replace_string4="ocspResponderURL=\"http://$MASTER:$CA_PORT/ca/ocsp\""
+
+ rlAssertGrep "$search_string1" "$ca_server_xml_file"
+ rlAssertNotGrep "$search_string2" "$ca_server_xml_file"
+ rlRun "sed 's/$search_string3/$replace_string3/g' $ca_server_xml_file > $temp_file"
+ rlRun "sleep 10"
+ cp $temp_file $ca_server_xml_file
+ rlRun "sleep 10"
+ rlRun "sed 's#$search_string4#$replace_string4#g' $ca_server_xml_file > $temp_file"
+ rlRun "sleep 10"
+ cp $temp_file $ca_server_xml_file
+ rlRun "sleep 10"
+ chown pkiuser:pkiuser $ca_server_xml_file
+ rlRun "sleep 10"
+ cat $ca_server_xml_file | grep $replace_string3
+ if [ $? -eq 0 ] ; then
+ rlRun "systemctl start pki-tomcatd@pki-ca-bug.service"
+ rlRun "sleep 10"
+ rlRun "journalctl > $log_file"
+ rlRun "sleep 10"
+ rlAssertNotGrep "NullPointerException" "$log_file"
+ rlRun "systemctl stop pki-tomcatd@pki-ca-bug.service"
+ rlRun "sleep 10"
+ rlRun "sed 's/$replace_string3/$search_string3/g' $ca_server_xml_file > $temp_file"
+ rlRun "sleep 10"
+ cp $temp_file $ca_server_xml_file
+ rlRun "systemctl start pki-tomcatd@pki-ca-bug.service"
+ rlRun "sleep 10"
+ fi
+ rlPhaseEnd
+
+}
diff --git a/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh b/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh
new file mode 100755
index 000000000..782404c49
--- /dev/null
+++ b/tests/dogtag/acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh
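Review bot: In bug-1058366.sh the `cat $ca_server_xml_file | grep $replace_string3` / `if [ $? -eq 0 ]` pair has no else branch, so when the enableOCSP edit does not land, the NullPointerException check never runs, pki-tomcatd@pki-ca-bug.service stays stopped and the phase still records no failure; `rlAssertGrep "$replace_string3" "$ca_server_xml_file"` ahead of the branch would record it. Inside the branch, `journalctl > $log_file` dumps the whole system journal to the fixed path /tmp/log_messages, so an older NullPointerException entry fails the assertion and the dump is left behind in /tmp. Scoping it, e.g. `journalctl -u pki-tomcatd@pki-ca-bug.service --since "$start_time"` with `start_time` taken just before the restart, and writing to a `mktemp` file would address both. The cleanup also restores only enableOCSP, leaving the rewritten ocspResponderURL and the server.xml.temp copy in the instance's conf directory.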
@@ -0,0 +1,233 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/dogtag/acceptance/bugzilla/
+# Description: tomcatjss bug verification
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Authors: Roshni Pattath
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+########################################################################
+#pki-user-cli-user-ca.sh should be first executed prior to bug verification
+########################################################################
+
+########################################################################
+# Test Suite Globals
+########################################################################
+run_tomcatjss-bug-verification(){
+
+ rlPhaseStartTest "bug_1084224: Tomcatjss missing strictCiphers implementation"
+ CA_HOST=$MASTER
+ CA_PORT=$(cat /tmp/bugca_instance.inf | grep pki_https_port | cut -d "=" -f2)
+ test1="test_screen"
+ ca_server_xml_file="/var/lib/pki/pki-ca-bug/conf/server.xml"
+ temp_file="$ca_server_xml_file.temp"
+ rlLog "https://bugzilla.redhat.com/show_bug.cgi?id=1084224"
+ rlRun "ssltap -sfx $CA_HOST:$CA_PORT > /tmp/original_cipher.out &"
+ rlRun "sleep 10"
+ rlLog "Executing: wget https://$CA_HOST:1924 --no-check-certificate"
+ rlRun "wget https://$CA_HOST:1924 --no-check-certificate"
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0x0035) TLS/RSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0x0035) TLS/RSA/AES256-CBC/SHA"
+ search_string3="+TLS_RSA_WITH_AES_256_CBC_SHA"
+ replace_string3="-TLS_RSA_WITH_AES_256_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA"
+ search_string3="+TLS_RSA_WITH_AES_128_CBC_SHA"
+ replace_string3="-TLS_RSA_WITH_AES_128_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA"
+ search_string3="+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+ replace_string3="-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA"
+ search_string3="+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+ replace_string3="-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA"
+ search_string3="+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+ replace_string3="-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA"
+ search_string3="+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+ replace_string3="-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA"
+ search_string3="+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+ replace_string3="-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA"
+ search_string3="+TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+ replace_string3="-TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0x0038) TLS/DHE-DSS/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0x0038) TLS/DHE-DSS/AES256-CBC/SHA"
+ search_string3="+TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+ replace_string3="-TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0x0033) TLS/DHE-RSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0x0033) TLS/DHE-RSA/AES128-CBC/SHA"
+ search_string3="+TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+ replace_string3="-TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+ fi
+ cat /tmp/original_cipher.out | grep "cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ original_cipher="cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA"
+ search_string3="+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+ replace_string3="-TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+ fi
+ rlRun "systemctl stop pki-tomcatd@pki-ca-bug.service"
+ search_string1="strictCiphers=\"false\""
+ replace_string1="strictCiphers=\"true\""
+ search_string2="sslOptions=\"ssl2=true,ssl3=true,tls=true\""
+ replace_string2="sslOptions=\"ssl2=false,ssl3=false,tls=true\""
+ #search_string4="clientAuth=\"want\""
+ #replace_string4="clientauth=\"want\""
+ rlRun "sed 's/$search_string1/$replace_string1/g' $ca_server_xml_file > $temp_file"
+ cp $temp_file $ca_server_xml_file
+ rlRun "sed 's/$search_string2/$replace_string2/g' $ca_server_xml_file > $temp_file"
+ cp $temp_file $ca_server_xml_file
+ rlRun "sed 's/$search_string3/$replace_string3/g' $ca_server_xml_file > $temp_file"
+ cp $temp_file $ca_server_xml_file
+ #rlRun "sed 's/$search_string4/$replace_string4/g' $ca_server_xml_file > $temp_file"
+ #cp $temp_file $ca_server_xml_file
+ chown pkiuser:pkiuser $ca_server_xml_file
+ cat $ca_server_xml_file | grep $replace_string1
+ if [ $? -eq 0 ] ; then
+ rlRun "modutil -dbdir /var/lib/pki/pki-ca-bug/ca/alias -fips true &"
+ rlRun "sleep 5"
+ rlRun "modutil -dbdir /var/lib/pki/pki-ca-bug/ca/alias -chkfips true > /tmp/chkfips.out"
+ rlAssertGrep "FIPS mode enabled." "/tmp/chkfips.out"
+ rlRun "systemctl start pki-tomcatd@pki-ca-bug.service"
+ rlRun "ssltap -sfx $CA_HOST:$CA_PORT > /tmp/new_cipher.out &"
+ rlRun "sleep 10"
+ rlLog "Executing: wget https://$CA_HOST:1924 --no-check-certificate"
+ rlRun "wget https://$CA_HOST:1924 --no-check-certificate"
+ cat $ca_server_xml_file | grep "+TLS_RSA_WITH_AES_256_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0x0035) TLS/RSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_RSA_WITH_AES_128_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0x002f) TLS/RSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0x0032) TLS/DHE-DSS/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0x0038) TLS/DHE-DSS/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0x0033) TLS/DHE-RSA/AES128-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ cat $ca_server_xml_file | grep "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+ if [ $? -eq 0 ]; then
+ cat /tmp/new_cipher.out | grep "cipher_suite = (0x0039) TLS/DHE-RSA/AES256-CBC/SHA"
+ if [ $? -eq 0 ]; then
+ rlPass "Bug Verified"
+ fi
+ fi
+ rlAssertNotGrep "$original_cipher" "/tmp/new_cipher.out"
+ else
+ rlLog "Config file modification failed"
+ fi
+ rlPhaseEnd
+
+}
-- cgit
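Review bot: In bug-1084224.sh, when none of the eleven `cipher_suite = ...` patterns is found in /tmp/original_cipher.out, `original_cipher`, `search_string3` and `replace_string3` stay unset and the third `sed` runs with an empty pattern. GNU sed rejects that only after the redirection has already truncated `$temp_file`, and the unchecked `cp $temp_file $ca_server_xml_file` that follows would then copy the empty file over server.xml. A guard after the detection chain, `if [ -z "$original_cipher" ]; then rlFail "no known cipher suite captured by ssltap"; rlPhaseEnd; return 1; fi`, and `rlRun "cp $temp_file $ca_server_xml_file"` in place of each bare `cp` would stop the run before the config is touched. The else branch reports the failed edit with `rlLog`, which does not fail the phase; `rlFail "Config file modification failed"` would. The phase also leaves strictCiphers, sslOptions and the NSS database's FIPS mode changed on pki-ca-bug, with no restore step like the one bug-1058366.sh has for enableOCSP.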