3612N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
3612N/A ! The contents of this file are subject to the terms of the 3612N/A ! Common Development and Distribution License, Version 1.0 only 3612N/A ! (the "License"). You may not use this file except in compliance 3612N/A ! You can obtain a copy of the license at 3612N/A ! See the License for the specific language governing permissions 3612N/A ! and limitations under the License. 3612N/A ! When distributing Covered Code, exclude this CDDL HEADER in each 3612N/A ! file and exclude the License file at 3612N/A ! add the following below this CDDL HEADER, with the fields enclosed 3612N/A ! by brackets "[]" replaced with your own identifying information: 3612N/A ! Portions Copyright [yyyy] [name of copyright owner] 4865N/A ! Copyright 2008-2009 Sun Microsystems, Inc. 6035N/A ! Portions Copyright 2013 ForgeRock AS 3612N/A <
defaultcall function="security"/>
3612N/A <!--- Test Suite information 3612N/A #@TestSuiteName Setup-Uninstall security Tests 3612N/A #@TestSuitePurpose Test all security-related options of the 3612N/A setup and uninstall commands 3612N/A #@TestSuiteID security Tests 3612N/A #@TestGroup Setup-Uninstall 3612N/A CurrentTestPath['group'] = 'setup'
3612N/A CurrentTestPath['suite'] = 'security'
3612N/A <
call function="'testSuite_Preamble'"/>
3612N/A <
call function="'getFreePort'">
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A <
script>SEC_I1_PORT = STAXResult</
script>
3612N/A <
call function="'getFreePort'">
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A <
script>SEC_I1_SPORT = STAXResult</
script>
3853N/A <
call function="'getFreePort'">
3853N/A 'host' : STAF_REMOTE_HOSTNAME,
3853N/A <
script>SEC_I1_ADMIN_PORT = STAXResult</
script>
3612N/A <
call function="'getFreePort'">
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A <
script>SEC_I1_REPL_PORT = STAXResult</
script>
3612N/A <
call function="'getFreePort'">
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A <
script>SEC_I2_PORT = STAXResult</
script>
3612N/A <
call function="'getFreePort'">
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A <
script>SEC_I2_SPORT = STAXResult</
script>
3853N/A <
call function="'getFreePort'">
3853N/A 'host' : STAF_REMOTE_HOSTNAME,
3853N/A <
script>SEC_I2_ADMIN_PORT = STAXResult</
script>
3612N/A <
call function="'getFreePort'">
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A <
script>SEC_I2_REPL_PORT = STAXResult</
script>
5585N/A 'Got these free ports for I1: %s, %s, %s, %s' \
5585N/A % (SEC_I1_PORT, SEC_I1_SPORT, SEC_I1_ADMIN_PORT, SEC_I1_REPL_PORT)
5585N/A 'Got these free ports for I2: %s, %s, %s, %s' \
5585N/A % (SEC_I2_PORT, SEC_I2_SPORT, SEC_I2_ADMIN_PORT, SEC_I2_REPL_PORT)
3612N/A <!--- Test Case information 3612N/A #@TestMarker Setup-Uninstall Security tests 3612N/A #@TestName Setup-Uninstall: Security: 3612N/A #@TestID security_starttls_ssl 3612N/A #@TestStep Setup I1, with SSL 3822N/A Create o=o1 on I1 and I2, and import data on I1 3612N/A Check SSL works OK on I1 and I2 3612N/A Check StartTLS not-OK on I1 3822N/A Export server certs I1 and I2 3822N/A Create new JKS keystore and import I1 and I2 certs 3612N/A Uninstall I1, using new keystore 3612N/A #@TestResult PASS if all steps ran without errors 3612N/A <
testcase name="getTestCaseName('security_starttls_ssl')">
4865N/A if is_windows_platform(STAF_REMOTE_HOSTNAME):
3612N/A SEC_I1_ROOT = '%s/%s' % (SEC_I1_BASE, OPENDSNAME)
3612N/A SEC_I2_ROOT = '%s/%s' % (SEC_I2_BASE, OPENDSNAME)
3612N/A <
call function="'checkFileExists'">
3949N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A <
message>'++ Setup of I1'</
message>
3612N/A <
call function="'runSTAFCommand'">
3612N/A { 'name' : 'Create directory to contain I1',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'arguments' : 'DIRECTORY %s FAILIFEXISTS' % SEC_I1_BASE
3612N/A <
call function="'checktestRC'">
3612N/A 'result' : 'FAIL to create directory',
3612N/A <
call function="'runSTAFCommand'">
3612N/A { 'name' : 'Extract OpenDS ZIP file',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'arguments' : 'ZIPFILE %s/%s TODIRECTORY %s RESTOREPERMISSION' \
3690N/A % (DIRECTORY_INSTANCE_DIR, ZIPNAME, SEC_I1_BASE)
3612N/A <
call function="'checktestRC'">
3612N/A 'result' : 'FAIL to unzip OpenDS ZIP file',
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch setup command for I1',
3612N/A <
message>'++ Check status of I1'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch status command for I1',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3853N/A 'testString': 'Server Run Status: Started',
3612N/A <
call function="'checkFileExists'">
3949N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A <!-- 1.4. Check StartTLS non-enablement: the search below reads ds-cfg-allow-start-tls through SEC_I1_PORT and the expected test string is 'ds-cfg-allow-start-tls: false'; ent presumably names the search base (confirm, the base DN argument is not visible in this listing) --> 3612N/A <
message>'++ Check StartTLS is disabled'</
message>
3612N/A ent = 'cn=LDAP Connection Handler,cn=Connection Handlers,cn=config'
3612N/A <
call function="'ldapSearchWithScript'">
3612N/A { 'dsInstancePort' : SEC_I1_PORT,
3612N/A 'dsFilter' : 'objectclass=*',
3612N/A 'dsAttributes' : 'ds-cfg-allow-start-tls',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'testString': 'ds-cfg-allow-start-tls: false',
3612N/A <
message>'++ Setup I2'</
message>
3612N/A <
call function="'runSTAFCommand'">
3612N/A { 'name' : 'Create directory to contain I2',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'arguments' : 'DIRECTORY %s FAILIFEXISTS' % SEC_I2_BASE
3612N/A <
call function="'checktestRC'">
3612N/A 'result' : 'FAIL to create directory',
3612N/A <
call function="'runSTAFCommand'">
3612N/A { 'name' : 'Extract OpenDS ZIP file',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'arguments' : 'ZIPFILE %s/%s TODIRECTORY %s RESTOREPERMISSION' \
3949N/A % (DIRECTORY_INSTANCE_DIR, ZIPNAME, SEC_I2_BASE)
3612N/A <
call function="'checktestRC'">
3612N/A 'result' : 'FAIL to unzip OpenDS ZIP file',
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch setup command for I2',
3612N/A <
message>'++ Check status of I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch status command for I2',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3853N/A 'testString': 'Server Run Status: Started',
3612N/A <
call function="'checkFileExists'">
3949N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A <!-- 2.4. Check StartTLS enablement: the search below reads ds-cfg-allow-start-tls through SEC_I2_PORT and the expected test string is 'ds-cfg-allow-start-tls: true'; ent presumably names the search base (confirm, the base DN argument is not visible in this listing) --> 3612N/A <
message>'++ Check StartTLS is enabled on I2'</
message>
3612N/A ent = 'cn=LDAP Connection Handler,cn=Connection Handlers,cn=config'
3612N/A <
call function="'ldapSearchWithScript'">
3612N/A { 'dsInstancePort' : SEC_I2_PORT,
3612N/A 'dsFilter' : 'objectclass=*',
3612N/A 'dsAttributes' : 'ds-cfg-allow-start-tls',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'testString': 'ds-cfg-allow-start-tls: true',
3612N/A <!-- 3.1. Config: create backend I1 --> 3612N/A <
message>'++ create backend on I1'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Create backend on I1',
3612N/A <!-- 3.2. Config: create backend I2 --> 3612N/A <
message>'++ create backend on I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Create backend on I2',
3612N/A <!-- 3.3. Import data I1: the parameters p carry the trustAll option together with the admin port SEC_I1_ADMIN_PORT and backend ID o1, so the server certificate is not validated for this step and the step does not exercise certificate trust --> 3612N/A <
message>'++ Import data on I1'</
message>
3853N/A p.append('--trustAll --port %s --backendID o1' % SEC_I1_ADMIN_PORT)
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Import data on I1',
3612N/A <!-- 3.4. Enable replication I1-I2 --> 3612N/A <
message>'++ Enable replication I1-I2'</
message>
3612N/A p.append('--host2 %s --bindDN2 "%s"' % (STAF_REMOTE_HOSTNAME, DM_DN))
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Enable I1 - I2 replication',
3612N/A <!-- 3.5. Initialize replication --> 3612N/A <
message>'++ Initialize replication I1-I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Initialize I1 - I2 replication',
3612N/A <
message>'++ Check SSL I1'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'SSL Search on I1',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'testString': 'dn: cn=user_2,o=o1',
3612N/A <
message>'++ Check SSL I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'SSL Search on I2',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'testString': 'dn: cn=user_2,o=o1',
3612N/A <!-- 4.3. Check not-StartTLS I1: runs a StartTLS search against I1, where step 1.4 expects ds-cfg-allow-start-tls to be false. NOTE(review): no testString is visible for this call in this listing, unlike the I2 search in 4.4; confirm that the call asserts the expected failure return code, so that an unrelated error cannot pass as a refused StartTLS --> 3612N/A <
message>'++ Check not-StartTLS I1'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'StartTLS Search on I1',
3612N/A <!-- 4.4. Check StartTLS I2 --> 3612N/A <
message>'++ Check StartTLS OK on I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'StartTLS Search on I2',
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'testString': 'dn: cn=user_2,o=o1',
3612N/A <!-- 5.1. Export server cert I1: the keystore PIN is read as text from KEYSTORE1_PIN_FILE and STAFResult[:-1] drops its last character (presumably the trailing newline; confirm). NOTE(review): the message element below prints the command c and its parameters p; if the PIN is part of p it ends up in the test log, so confirm whether that log must be treated as sensitive --> 3612N/A <
message>'++ Export server cert I1'</
message>
3612N/A <
call function="'runSTAFCommand'">
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'arguments' : 'FILE %s TEXT' % KEYSTORE1_PIN_FILE
3612N/A <
call function="'checktestRC'">
3612N/A KEYSTORE1_PIN = STAFResult[:-1]
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Export I1 server cert',
3612N/A <!-- 5.2. Export server cert I2: the keystore PIN is read as text from KEYSTORE2_PIN_FILE and STAFResult[:-1] drops its last character (presumably the trailing newline; confirm). NOTE(review): the message element below prints the command c and its parameters p; if the PIN is part of p it ends up in the test log, so confirm whether that log must be treated as sensitive --> 3612N/A <
message>'++ Export server cert I2'</
message>
3612N/A <
call function="'runSTAFCommand'">
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'arguments' : 'FILE %s TEXT' % KEYSTORE2_PIN_FILE
3612N/A <
call function="'checktestRC'">
3612N/A KEYSTORE2_PIN = STAFResult[:-1]
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Export I2 server cert',
3612N/A <!-- 5.3. Create new JKS keystore with I1 cert --> 3612N/A <
message>'++ Create new JKS keystore with I1 cert'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Import I1 cert in new JKS keystore',
3612N/A <!-- 5.4. Import cert I2 --> 3612N/A <
message>'++ Import cert on I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Import I2 cert in new JKS keystore',
3612N/A <
message>'++ Uninstall I1'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A <
message>'++ Uninstall I2'</
message>
3612N/A <
message>'%s %s' % (c, p)</
message>
3612N/A <
call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A <
call function="'testCase_Postamble'"/>
3612N/A <
call function="'testSuite_Postamble'"/>