<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
! You can obtain a copy of the license at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
! See the License for the specific language governing permissions
! and limitations under the License.
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
! Copyright 2007-2009 Sun Microsystems, Inc.
! Portions Copyright 2012 ForgeRock AS.
! -->
<!-- Entry point: client_auth_setup is the function STAX calls when the job is
     started without naming a function.
     NOTE(review): the <stax> root element that the DOCTYPE declares is not
     visible in this copy of the file; confirm it was not lost. -->
<defaultcall function="client_auth_setup"/>
<!-- Setup for the client-authentication suite. The test cases below create and
     self-sign the server and client certificates, exchange them between the
     two keystores, enable SSL and StartTLS on the server, and create the user
     entries that carry the client certificates.
     scope="local" keeps variables set in this function out of the caller's scope. -->
<function name="client_auth_setup" scope="local">
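<!-- Test case: create and self-sign the server certificate and the two client
     certificates used by the client-authentication suite. -->
<!--
  #@TestMarker Setup Tests
  #@TestName Create certificates for server and client
  #@TestPurpose Create server and client certificates
  #@TestPreamble none
  #@TestStep Generate server and client certificates.
  #@TestStep Self-sign the certificates.
  #@TestPostamble none
  #@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName(' Setup. certificates configuration')">
  <!-- A testcase holds a single task, so the steps are grouped in a sequence. -->
  <sequence>
    <call function="'testCase_Preamble'"/>

    <!-- Load in the local shared python objects from libraries -->
    <call function="'loadVariables'"/>

    <!-- Server key pair and certificate, stored under the alias 'server-cert'.
         The store and key passwords come from suite variables.
         NOTE(review): genCertificate is not defined in this file. If it hands
         these passwords to a command-line tool they can show up in process
         listings and job logs, so keep them test-only values. Confirm.
         JKS is a legacy Java-specific keystore format. It is acceptable for a
         throwaway fixture; PKCS12 is the better choice for anything that
         outlives the test run.
         NOTE(review): the bare log strings in this test case are wrapped in
         <message> to match the rest of the file. Confirm. -->
    <message>'---- Generating Server Certificate -----'</message>
    <call function="'genCertificate'">
      { 'certAlias' : 'server-cert',
        'dname'     : "uid=server,%s" % (DIRECTORY_INSTANCE_SFX),
        'keystore'  : 'keystore',
        'storepass' : SERVER_STOREPASS,
        'keypass'   : SERVER_KEYPASS,
        'storetype' : 'JKS' }
    </call>

    <!-- Self-sign the server certificate. A self-signed certificate is its own
         trust anchor, so peers only trust it once it is imported explicitly,
         which the export and import test case does. -->
    <message>'---- Self-Signing Server Certificate ---- '</message>
    <call function="'SelfSignCertificate'">
      { 'certAlias' : 'server-cert',
        'storepass' : SERVER_STOREPASS,
        'keypass'   : SERVER_KEYPASS,
        'keystore'  : 'keystore',
        'storetype' : 'JKS' }
    </call>

    <!-- Create the folder that holds the client keystore and certificates.
         NOTE(review): the start of this argument map is missing in the source,
         so any key that preceded 'foldername' cannot be recovered here. Check
         the createFolder definition. This folder holds client private keys, so
         it should not be readable by other accounts on the test host. -->
    <message>'Create folder %s' % (CERT_TMP)</message>
    <call function="'createFolder'">
      { 'foldername' : CERT_TMP }
    </call>

    <!-- Check the return code of the folder creation before any key material
         is written into it. -->
    <call function="'checktestRC'">
      { 'returncode' : RC,
        'result'     : STAXResult }
    </call>

    <!-- Create a client certificate: USER_1_CERT -->
    <message>'---- Generating client Certificate : %s ---- ' % (USER_1_CERT)</message>
    <call function="'genCertificate'">
      { 'certAlias' : USER_1_CERT,
        'dname'     : USER_1_DN,
        'storepass' : CLIENT_STOREPASS,
        'keystore'  : CLIENT_KEYSTORE,
        'keypass'   : CLIENT_KEYPASS,
        'storetype' : 'JKS' }
    </call>

    <!-- Self-sign client certificate: USER_1_CERT -->
    <message>'---- Self-Signing client Certificate : %s ---- ' % (USER_1_CERT)</message>
    <call function="'SelfSignCertificate'">
      { 'certAlias' : USER_1_CERT,
        'storepass' : CLIENT_STOREPASS,
        'keypass'   : CLIENT_KEYPASS,
        'keystore'  : CLIENT_KEYSTORE,
        'storetype' : 'JKS' }
    </call>

    <!-- Create a client certificate: USER_2_CERT. Both client key pairs share
         CLIENT_KEYSTORE and the same store and key passwords.
         The log line for this step used to say "Self-Signing", a copy of the
         message that belongs to the next step. It now names the generation
         step, so a failure in the log points at the right keystore operation. -->
    <message>'---- Generating client Certificate : %s ---- ' % (USER_2_CERT)</message>
    <call function="'genCertificate'">
      { 'certAlias' : USER_2_CERT,
        'dname'     : USER_2_DN,
        'storepass' : CLIENT_STOREPASS,
        'keystore'  : CLIENT_KEYSTORE,
        'keypass'   : CLIENT_KEYPASS,
        'storetype' : 'JKS' }
    </call>

    <!-- Self-sign client certificate: USER_2_CERT -->
    <message>'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)</message>
    <call function="'SelfSignCertificate'">
      { 'certAlias' : USER_2_CERT,
        'storepass' : CLIENT_STOREPASS,
        'keypass'   : CLIENT_KEYPASS,
        'keystore'  : CLIENT_KEYSTORE,
        'storetype' : 'JKS' }
    </call>

    <call function="'testCase_Postamble'"/>
  </sequence>
</testcase>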
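<!-- Test case: export the server and client certificates, then cross-import
     them so that each side holds the other side's certificate. -->
<!--
  #@TestMarker Setup Tests
  #@TestName Export and Import Certificates
  #@TestPurpose Export and import client and server certificates
  #@TestPreamble none
  #@TestStep Export client and server certificates
  #@TestStep Import the certificates in the server and clients Database
  #@TestPostamble none
  #@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName(' setup. Export and Import certificates')">
  <!-- A testcase holds a single task, so the steps are grouped in a sequence. -->
  <sequence>
    <call function="'testCase_Preamble'"/>

    <!-- Load in the local shared python objects from libraries -->
    <call function="'loadVariables'"/>

    <!-- Export the server certificate. No 'keypass' is supplied to any export
         in this test case, only the store password.
         NOTE(review): ExportCertificate is not defined in this file.
         Presumably only the public certificate is written to the output file,
         not the private key. Confirm.
         No 'keystore' key is given here, so the helper's default keystore is
         used, presumably the server keystore. Confirm. -->
    <message>'---- Export the Server Certificate ----'</message>
    <call function="'ExportCertificate'">
      { 'certAlias'  : 'server-cert',
        'outputfile' : SERVER_CERT_FILE,
        'storepass'  : SERVER_STOREPASS,
        'storetype'  : 'JKS' }
    </call>

    <!-- Export client certificate: USER_1_CERT -->
    <message> '---- Export the client certificate : : %s ---- ' % (USER_1_CERT)</message>
    <call function="'ExportCertificate'">
      { 'certAlias'  : USER_1_CERT,
        'outputfile' : USER_1_CERT_FILE,
        'storepass'  : CLIENT_STOREPASS,
        'keystore'   : CLIENT_KEYSTORE,
        'storetype'  : 'JKS' }
    </call>

    <!-- Export client certificate in RFC format: USER_1_CERT. The RFC export
         goes to its own file, which the user entry creation step consumes. -->
    <message> '---- Export the client certificate in RFC : : %s ---- ' % (USER_1_CERT)</message>
    <call function="'ExportCertificate'">
      { 'certAlias'  : USER_1_CERT,
        'outputfile' : USER_1_CERT_FILE_RFC,
        'storepass'  : CLIENT_STOREPASS,
        'keystore'   : CLIENT_KEYSTORE,
        'format'     : 'rfc',
        'storetype'  : 'JKS' }
    </call>

    <!-- Export client certificate: USER_2_CERT -->
    <message>'---- Export the client certificate : : %s ---- ' % (USER_2_CERT)</message>
    <call function="'ExportCertificate'">
      { 'certAlias'  : USER_2_CERT,
        'outputfile' : USER_2_CERT_FILE,
        'storepass'  : CLIENT_STOREPASS,
        'keystore'   : CLIENT_KEYSTORE,
        'storetype'  : 'JKS' }
    </call>

    <!-- Export client certificate in RFC format: USER_2_CERT -->
    <message>'---- Export the client certificate in RFC format : : %s ---- ' % (USER_2_CERT)</message>
    <call function="'ExportCertificate'">
      { 'certAlias'  : USER_2_CERT,
        'outputfile' : USER_2_CERT_FILE_RFC,
        'storepass'  : CLIENT_STOREPASS,
        'keystore'   : CLIENT_KEYSTORE,
        'format'     : 'rfc',
        'storetype'  : 'JKS' }
    </call>

    <!-- Import the server certificate into the client keystore. This is what
         lets a client that validates against CLIENT_KEYSTORE trust the
         self-signed server certificate. -->
    <message>'---- Import the Server Certificate under the client keystore----'</message>
    <call function="'ImportCertificate'">
      { 'certAlias' : 'server-cert',
        'inputfile' : SERVER_CERT_FILE,
        'storepass' : CLIENT_STOREPASS,
        'keystore'  : CLIENT_KEYSTORE,
        'storetype' : 'JKS' }
    </call>

    <!-- Import the client certificates into the server keystore, so the server
         side holds the certificates of the two users it is expected to accept.
         No 'keystore' key is given for these two imports; only the server
         store password identifies the target.
         NOTE(review): confirm that the helper's default keystore is the same
         store that the server's trust configuration reads. -->
    <message> '---- Import the client Certificates %s under the server keystore----' % (USER_1_CERT)</message>
    <call function="'ImportCertificate'">
      { 'certAlias' : USER_1_CERT,
        'inputfile' : USER_1_CERT_FILE,
        'storepass' : SERVER_STOREPASS,
        'storetype' : 'JKS' }
    </call>

    <message> '---- Import the client Certificates %s under the server keystore----' % (USER_2_CERT)</message>
    <call function="'ImportCertificate'">
      { 'certAlias' : USER_2_CERT,
        'inputfile' : USER_2_CERT_FILE,
        'storepass' : SERVER_STOREPASS,
        'storetype' : 'JKS' }
    </call>

    <call function="'testCase_Postamble'"/>
  </sequence>
</testcase>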
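<!-- Test case: enable SSL and StartTLS on the server with 'server-cert', then
     check that a search succeeds over each kind of connection. -->
<!--
  #@TestMarker Setup Tests
  #@TestName Configure SSL and startTLS
  #@TestPurpose Configure SSL and StartTLS
  #@TestPreamble none
  #@TestStep Configure SSL
  #@TestStep Configure StartTLS
  #@TestPostamble none
  #@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('setup. Configure SSL and StartTLS')">
  <!-- A testcase holds a single task, so the steps are grouped in a sequence. -->
  <sequence>
    <call function="'testCase_Preamble'"/>

    <!-- Load in the local shared python objects from libraries -->
    <call function="'loadVariables'"/>

    <!-- Configure SSL and TLS. The keystore PIN passed to the server is the
         same value used as the server store password when the keystore was
         created, and the certificate is selected by its alias.
         NOTE(review): configureSSL_TLS is not defined in this file. Confirm
         how it stores the PIN on the server side (file, property or config
         entry) and that the location is not world-readable. -->
    <message>'---- Configure SSL and TLS----'</message>
    <call function="'configureSSL_TLS'">
      { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
        'keystorePin'    : SERVER_STOREPASS,
        'certAlias'      : 'server-cert' }
    </call>

    <!-- Initial search with SSL.
         'dsUseSSL' and 'dsTrustAll' are set to a single space; presumably only
         the presence of the key matters. Confirm against ldapSearchWithScript.
         With 'dsTrustAll' the client presumably accepts any server
         certificate. The search therefore shows that the listener completes a
         handshake and answers a base search. It does not show that the server
         presents 'server-cert', nor that the client keystore populated by the
         export and import test case trusts it.
         NOTE(review): consider one more search that validates the server
         certificate against the client keystore, so a wrong or missing
         certificate is caught during setup. -->
    <message>'Security: Client_auth: Searching with SSL Connection'</message>
    <call function="'ldapSearchWithScript'">
      { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
        'dsScope'        : 'base',
        'dsFilter'       : 'objectclass=*',
        'dsUseSSL'       : ' ',
        'dsTrustAll'     : ' ',
        'expectedRC'     : 0 }
    </call>

    <!-- Initial search with StartTLS. Same trust-all caveat as the SSL search:
         a return code of 0 proves the upgrade to TLS works, not that the
         certificate was validated. -->
    <message>'Security: Client_auth: Searching with StartTLS Connection'</message>
    <call function="'ldapSearchWithScript'">
      { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
        'dsScope'        : 'base',
        'dsFilter'       : 'objectclass=*',
        'dsUseStartTLS'  : ' ',
        'dsTrustAll'     : ' ',
        'expectedRC'     : 0 }
    </call>

    <call function="'testCase_Postamble'"/>
  </sequence>
</testcase>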
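<!-- Test case: create the two user entries that carry the client certificates. -->
<!--
  #@TestMarker Setup Tests
  #@TestName Create users entries
  #@TestPurpose Create users entries
  #@TestPreamble none
  #@TestStep Create users entries with usercertificates
  #@TestPostamble none
  #@TestResult Success if OpenDS returns 0 for all operations
-->
<testcase name="getTestCaseName('setup. Create users entries')">
  <!-- A testcase holds a single task, so the steps are grouped in a sequence. -->
  <sequence>
    <call function="'testCase_Preamble'"/>

    <!-- Load in the local shared python objects from libraries -->
    <call function="'loadVariables'"/>

    <!-- Entry for USER_1_DN, built from the RFC-format export of USER_1_CERT.
         The helper receives a local and a remote LDIF path and the remote
         STAF host name.
         NOTE(review): createStrongUserEntries is not defined in this file.
         Presumably it embeds the certificate in the entry so the server can
         match a presented client certificate to this user. Confirm.
         The user DN passed here is the same variable used as the certificate
         subject when the certificate was generated. Keep the two in step,
         since a subject-based certificate mapping depends on them matching. -->
    <call function="'createStrongUserEntries'">
      { 'location'       : STAF_REMOTE_HOSTNAME,
        'certificate'    : USER_1_CERT,
        'filename'       : USER_1_CERT_FILE_RFC,
        'userdn'         : USER_1_DN,
        'localLdifFile'  : localUser1LdifFile,
        'remoteLdifFile' : remoteUser1LdifFile }
    </call>

    <!-- Entry for USER_2_DN, built the same way from USER_2_CERT. -->
    <call function="'createStrongUserEntries'">
      { 'location'       : STAF_REMOTE_HOSTNAME,
        'certificate'    : USER_2_CERT,
        'filename'       : USER_2_CERT_FILE_RFC,
        'userdn'         : USER_2_DN,
        'localLdifFile'  : localUser2LdifFile,
        'remoteLdifFile' : remoteUser2LdifFile }
    </call>

    <call function="'testCase_Postamble'"/>
  </sequence>
</testcase>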