<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE stax SYSTEM "/shared/stax.dtd">
<!--
 ! CDDL HEADER START
 !
 ! The contents of this file are subject to the terms of the
 ! Common Development and Distribution License, Version 1.0 only
 ! (the "License"). You may not use this file except in compliance
 ! with the License.
 !
 ! You can obtain a copy of the license at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
 ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 ! See the License for the specific language governing permissions
 ! and limitations under the License.
 !
 ! When distributing Covered Code, exclude this CDDL HEADER in each
 ! file and exclude the License file at
 ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
 ! add the following below this CDDL HEADER, with the fields enclosed
 ! by brackets "[]" replaced with your own identifying information:
 ! Portions Copyright [yyyy] [name of copyright owner]
 !
 ! CDDL HEADER END
 !
 ! Copyright 2008-2009 Sun Microsystems, Inc.
 ! Portions Copyright 2013 ForgeRock AS
 ! -->
<stax>

  <!-- Entry point when this job file is run without an explicit function. -->
  <defaultcall function="security"/>
3612N/A <function name="security">
3612N/A
3612N/A <sequence>
3612N/A
3612N/A <!--- Test Suite information
3612N/A #@TestSuiteName Setup-Uninstall security Tests
3612N/A #@TestSuitePurpose Test all secuirty related options of the
3612N/A setup and uninstall commands
3612N/A #@TestSuiteGroup security
3612N/A #@TestSuiteID security Tests
3612N/A #@TestGroup Setup-Uninstall
3612N/A #@TestScript security.xml
3612N/A #@TestHTMLLink http://opends.dev.java.net/
3612N/A -->
3612N/A
3612N/A <script>
3612N/A if not CurrentTestPath.has_key('group'):
3612N/A CurrentTestPath['group'] = 'setup'
3612N/A CurrentTestPath['suite'] = 'security'
3612N/A </script>
3612N/A
3612N/A <call function="'testSuite_Preamble'"/>
3612N/A
4865N/A
3612N/A <call function="'getFreePort'">
3612N/A {
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A 'port' : 8500,
3612N/A }
3612N/A </call>
3612N/A <script>SEC_I1_PORT = STAXResult</script>
3612N/A
3612N/A <call function="'getFreePort'">
3612N/A {
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A 'port' : 8520,
3612N/A }
3612N/A </call>
3612N/A <script>SEC_I1_SPORT = STAXResult</script>
3853N/A
3853N/A <call function="'getFreePort'">
3853N/A {
3853N/A 'host' : STAF_REMOTE_HOSTNAME,
6035N/A 'port' : 8554,
3853N/A }
3853N/A </call>
3853N/A <script>SEC_I1_ADMIN_PORT = STAXResult</script>
4865N/A
3612N/A <call function="'getFreePort'">
3612N/A {
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A 'port' : 8540,
3612N/A }
3612N/A </call>
3612N/A <script>SEC_I1_REPL_PORT = STAXResult</script>
3612N/A
3612N/A <call function="'getFreePort'">
3612N/A {
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A 'port' : 8600,
3612N/A }
3612N/A </call>
3612N/A <script>SEC_I2_PORT = STAXResult</script>
3612N/A
3612N/A <call function="'getFreePort'">
3612N/A {
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A 'port' : 8620,
3612N/A }
3612N/A </call>
3612N/A <script>SEC_I2_SPORT = STAXResult</script>
3853N/A
3853N/A <call function="'getFreePort'">
3853N/A {
3853N/A 'host' : STAF_REMOTE_HOSTNAME,
6035N/A 'port' : 8654,
3853N/A }
3853N/A </call>
3853N/A <script>SEC_I2_ADMIN_PORT = STAXResult</script>
4865N/A
3612N/A <call function="'getFreePort'">
3612N/A {
3612N/A 'host' : STAF_REMOTE_HOSTNAME,
3612N/A 'port' : 8640,
3612N/A }
3612N/A </call>
3612N/A <script>SEC_I2_REPL_PORT = STAXResult</script>
3612N/A
3612N/A <message>
5585N/A 'Got these free ports for I1: %s, %s, %s, %s' \
5585N/A % (SEC_I1_PORT, SEC_I1_SPORT, SEC_I1_ADMIN_PORT, SEC_I1_REPL_PORT)
3612N/A </message>
5585N/A <message>
5585N/A 'Got these free ports for I2: %s, %s, %s, %s' \
5585N/A % (SEC_I2_PORT, SEC_I2_SPORT, SEC_I2_ADMIN_PORT, SEC_I2_REPL_PORT)
5585N/A </message>
3612N/A
3612N/A <!--- Test Case information
3612N/A #@TestMarker Setup-Uninstall Security tests
3612N/A #@TestName Setup-Uninstall: Security:
3612N/A security_starttls_ssl
3612N/A #@TestID security_starttls_ssl
3612N/A #@TestPurpose Test security related options of setup/uninstall
3612N/A #@TestPreamble
3612N/A #@TestStep Setup I1, with SSL
3612N/A Setup I2, with StartTLS
3822N/A Create o=o1 on I1 and I2, and import data on I1
3612N/A Setup replication I1 - I2
3612N/A Check SSL works OK on I1 and I2
3612N/A Check StartTLS not-OK on I1
3612N/A Check StartTLS OK on I2
3822N/A Export server certs I1 and I2
3822N/A Create new JKS keystore and import I1 and I2 certs
3612N/A Uninstall I1, using new keystore
3612N/A Uninstall I2
3612N/A #@TestPostamble
3612N/A #@TestResult PASS if all steps ran without errors
3612N/A -->
3612N/A <testcase name="getTestCaseName('security_starttls_ssl')">
3612N/A <sequence>
3612N/A
3612N/A <script>
3612N/A DM_DN = 'cn=DM'
3612N/A DM_PW = 'secret12'
3816N/A DM_PW_FILE = '%s/setup/pwd-security.ldif' % remote.data
3612N/A
4865N/A if is_windows_platform(STAF_REMOTE_HOSTNAME):
4865N/A KEYTOOL = '%s/bin/keytool.exe' % (JAVA_HOME)
4865N/A else:
4865N/A KEYTOOL = '%s/bin/keytool' % (JAVA_HOME)
4865N/A
3612N/A SEC_I1_BASE = '%s/sec_i1' % (OUT_GROUP)
3612N/A SEC_I1_ROOT = '%s/%s' % (SEC_I1_BASE, OPENDSNAME)
3612N/A SEC_I2_BASE = '%s/sec_i2' % (OUT_GROUP)
3612N/A SEC_I2_ROOT = '%s/%s' % (SEC_I2_BASE, OPENDSNAME)
3612N/A MY_KEYSTORE = '%s/ks' % OUT_GROUP
3816N/A SEC_O1_LDIF = '%s/setup/sec-o1.ldif' % remote.data
3612N/A </script>
3612N/A
3612N/A <call function="'checkFileExists'">
3949N/A {
3949N/A 'location' : STAF_REMOTE_HOSTNAME,
3949N/A 'file' : KEYTOOL
3949N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 1.1. Setup I1 -->
3612N/A <message>'++ Setup of I1'</message>
3612N/A <call function="'runSTAFCommand'">
3612N/A { 'name' : 'Create directory to contain I1',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'service' : 'FS',
3612N/A 'request' : 'CREATE',
3612N/A 'arguments' : 'DIRECTORY %s FAILIFEXISTS' % SEC_I1_BASE
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'checktestRC'">
3612N/A { 'returncode' : RC,
3612N/A 'expected' : 0,
3612N/A 'result' : 'FAIL to create directory',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'runSTAFCommand'">
3612N/A { 'name' : 'Extract OpenDS ZIP file',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'service' : 'ZIP',
3612N/A 'request' : 'UNZIP',
3612N/A 'arguments' : 'ZIPFILE %s/%s TODIRECTORY %s RESTOREPERMISSION' \
3690N/A % (DIRECTORY_INSTANCE_DIR, ZIPNAME, SEC_I1_BASE)
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'checktestRC'">
3612N/A { 'returncode' : RC,
3612N/A 'expected' : 0,
3612N/A 'result' : 'FAIL to unzip OpenDS ZIP file',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A c = '%s/setup%s' % (SEC_I1_ROOT, fileExt)
3612N/A p = []
6035N/A p.append('--cli --hostname %s' % (STAF_REMOTE_HOSTNAME))
6035N/A p.append('--no-prompt --ldapPort %s' % (SEC_I1_PORT))
3612N/A p.append('--ldapsPort %s' % SEC_I1_SPORT)
3853N/A p.append('--adminConnectorPort %s' % SEC_I1_ADMIN_PORT)
3612N/A p.append('--rootUserDN "%s"' % DM_DN)
3612N/A p.append('--rootUserPassword "%s"' % DM_PW)
3612N/A p.append('--generateSelfSignedCertificate')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch setup command for I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-setup-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 1.2. Check I1 -->
3612N/A <message>'++ Check status of I1'</message>
3612N/A <script>
3690N/A c = '%s/%s/status%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3853N/A p.append('--no-prompt --trustAll')
3612N/A p.append('--bindDN "%s" --bindPassword "%s"' % (DM_DN, DM_PW))
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch status command for I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-status-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-status-i1.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3853N/A 'testString': 'Server Run Status: Started',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3853N/A <!-- 1.3. Check config/admin-keystore -->
3853N/A <message>'++ Check file config/admin-keystore exists'</message>
3612N/A <script>
3853N/A ks = '%s/config/admin-keystore' % SEC_I1_ROOT
3612N/A </script>
3612N/A
3612N/A <call function="'checkFileExists'">
3949N/A {
3949N/A 'location' : STAF_REMOTE_HOSTNAME,
3949N/A 'file' : ks
3949N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 1.4. Check StartTLS non-enablement -->
3612N/A <message>'++ Check StartTLS is disabled'</message>
3612N/A <script>
3612N/A ent = 'cn=LDAP Connection Handler,cn=Connection Handlers,cn=config'
3612N/A </script>
3612N/A
3612N/A <call function="'ldapSearchWithScript'">
3612N/A { 'dsInstancePort' : SEC_I1_PORT,
3612N/A 'dsInstanceDn' : DM_DN,
3612N/A 'dsInstancePswd' : DM_PW,
3612N/A 'dsBaseDN' : ent,
3612N/A 'dsFilter' : 'objectclass=*',
3612N/A 'dsAttributes' : 'ds-cfg-allow-start-tls',
3612N/A 'expectedRC' : 0,
3612N/A 'outputPath' : OUT_GROUP,
3612N/A 'outputFile' : 'sec-ldapsearch-i1.txt',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-ldapsearch-i1.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3612N/A 'testString': 'ds-cfg-allow-start-tls: false',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 2.1. Setup I2 -->
3612N/A <message>'++ Setup I2'</message>
3612N/A <call function="'runSTAFCommand'">
3612N/A { 'name' : 'Create directory to contain I2',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'service' : 'FS',
3612N/A 'request' : 'CREATE',
3612N/A 'arguments' : 'DIRECTORY %s FAILIFEXISTS' % SEC_I2_BASE
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'checktestRC'">
3612N/A { 'returncode' : RC,
3612N/A 'expected' : 0,
3612N/A 'result' : 'FAIL to create directory',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'runSTAFCommand'">
3612N/A { 'name' : 'Extract OpenDS ZIP file',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'service' : 'ZIP',
3612N/A 'request' : 'UNZIP',
3612N/A 'arguments' : 'ZIPFILE %s/%s TODIRECTORY %s RESTOREPERMISSION' \
3949N/A % (DIRECTORY_INSTANCE_DIR, ZIPNAME, SEC_I2_BASE)
3612N/A
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'checktestRC'">
3612N/A { 'returncode' : RC,
3612N/A 'expected' : 0,
3612N/A 'result' : 'FAIL to unzip OpenDS ZIP file',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A c = '%s/setup%s' % (SEC_I2_ROOT, fileExt)
3612N/A p = []
6035N/A p.append('--cli --hostname %s' % (STAF_REMOTE_HOSTNAME))
6035N/A p.append('--no-prompt --ldapPort %s' % (SEC_I2_PORT))
3612N/A p.append('--ldapsPort %s' % SEC_I2_SPORT)
3853N/A p.append('--adminConnectorPort %s' % SEC_I2_ADMIN_PORT)
3612N/A p.append('--rootUserDN "%s"' % DM_DN)
3612N/A p.append('--rootUserPassword "%s"' % DM_PW)
3612N/A p.append('--generateSelfSignedCertificate --enableStartTLS')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch setup command for I2',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-setup-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 2.2. Check I2 -->
3612N/A <message>'++ Check status of I2'</message>
3612N/A <script>
3690N/A c = '%s/%s/status%s' % (SEC_I2_ROOT, fileFolder, fileExt)
3612N/A p = []
3853N/A p.append('--no-prompt --trustAll')
3612N/A p.append('--bindDN "%s" --bindPassword "%s"' % (DM_DN, DM_PW))
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Launch status command for I2',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-status-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-status-i2.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3853N/A 'testString': 'Server Run Status: Started',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3853N/A <!-- 2.3. Check config/admin-keystore -->
3853N/A <message>'++ Check file config/admin-keystore exists'</message>
3612N/A <script>
3853N/A ks = '%s/config/admin-keystore' % SEC_I2_ROOT
3612N/A </script>
3612N/A
3612N/A <call function="'checkFileExists'">
3949N/A {
3949N/A 'location' : STAF_REMOTE_HOSTNAME,
3949N/A 'file' : ks
3949N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 2.4. Check StartTLS enablement -->
3612N/A <message>'++ Check StartTLS is enabled on I2'</message>
3612N/A <script>
3612N/A ent = 'cn=LDAP Connection Handler,cn=Connection Handlers,cn=config'
3612N/A </script>
3612N/A
3612N/A <call function="'ldapSearchWithScript'">
3612N/A { 'dsInstancePort' : SEC_I2_PORT,
3612N/A 'dsInstanceDn' : DM_DN,
3612N/A 'dsInstancePswd' : DM_PW,
3612N/A 'dsBaseDN' : ent,
3612N/A 'dsFilter' : 'objectclass=*',
3612N/A 'dsAttributes' : 'ds-cfg-allow-start-tls',
3612N/A 'expectedRC' : 0,
3612N/A 'outputPath' : OUT_GROUP,
3612N/A 'outputFile' : 'sec-ldapsearch-i2.txt',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-ldapsearch-i2.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3612N/A 'testString': 'ds-cfg-allow-start-tls: true',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 3.1. Config: create backend I1 -->
3612N/A <message>'++ create backend on I1'</message>
3612N/A <script>
3690N/A c = '%s/%s/dsconfig%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('create-backend --bindDN "%s"' % DM_DN)
3853N/A p.append('--bindPassword "%s"' % DM_PW)
3853N/A p.append('--trustAll --port %s' % SEC_I1_ADMIN_PORT)
3612N/A p.append('--backend-name o1 --type local-db --no-prompt')
3612N/A p.append('--set enabled:true --set writability-mode:enabled')
3612N/A p.append('--set base-dn:"o=o1"')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Create backend on I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-create-backend-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 3.2. Config: create backend I2 -->
3612N/A <message>'++ create backend on I2'</message>
3612N/A <script>
3690N/A c = '%s/%s/dsconfig%s' % (SEC_I2_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('create-backend --bindDN "%s"' % DM_DN)
3853N/A p.append('--bindPassword "%s"' % DM_PW)
3853N/A p.append('--trustAll --port %s' % SEC_I2_ADMIN_PORT)
3612N/A p.append('--backend-name o1 --type local-db --no-prompt')
3612N/A p.append('--set enabled:true --set writability-mode:enabled')
3612N/A p.append('--set base-dn:"o=o1"')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Create backend on I2',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-create-backend-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 3.3. Import data I1 -->
3612N/A <message>'++ Import data on I1'</message>
3612N/A <script>
3690N/A c = '%s/%s/import-ldif%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('--bindDN "%s" --bindPassword "%s"' % (DM_DN, DM_PW))
3853N/A p.append('--trustAll --port %s --backendID o1' % SEC_I1_ADMIN_PORT)
3612N/A p.append('--ldifFile %s' % SEC_O1_LDIF)
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Import data on I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-import-ldif-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 3.4. Enable replication I1-I2 -->
3612N/A <message>'++ Enable replication I1-I2'</message>
3612N/A <script>
3690N/A c = '%s/%s/dsreplication%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3853N/A p.append('enable --trustAll --host1 %s' % STAF_REMOTE_HOSTNAME)
3612N/A p.append('--bindDN1 "%s"' % DM_DN)
3612N/A p.append('--bindPassword1 "%s"' % DM_PW)
3853N/A p.append('--port1 %s' % SEC_I1_ADMIN_PORT)
3612N/A p.append('--replicationPort1 %s' % SEC_I1_REPL_PORT)
3612N/A p.append('--host2 %s --bindDN2 "%s"' % (STAF_REMOTE_HOSTNAME, DM_DN))
3612N/A p.append('--bindPassword2 "%s"' % DM_PW)
3853N/A p.append('--port2 %s' % SEC_I2_ADMIN_PORT)
3612N/A p.append('--replicationPort2 %s' % SEC_I2_REPL_PORT)
3612N/A p.append('-I admin -w secret12')
3612N/A p.append('--baseDN "o=o1" --no-prompt')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Enable I1 - I2 replication',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-enable-repl.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 3.5. Initialize replication -->
3612N/A <message>'++ Initialize replication I1-I2'</message>
3612N/A <script>
3690N/A c = '%s/%s/dsreplication%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3853N/A p.append('initialize --trustAll')
3853N/A p.append('-I admin -w secret12 --baseDN "o=o1"')
3612N/A p.append('--hostSource %s' % STAF_REMOTE_HOSTNAME)
3853N/A p.append('--portSource %s' % SEC_I1_ADMIN_PORT)
3612N/A p.append('--hostDestination %s' % STAF_REMOTE_HOSTNAME)
3853N/A p.append('--portDestination %s' % SEC_I2_ADMIN_PORT)
3612N/A p.append('--no-prompt')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Initialize I1 - I2 replication',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-initialize-repl.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 4.1. Check SSL I1 -->
3612N/A <message>'++ Check SSL I1'</message>
3612N/A <script>
3690N/A c = '%s/%s/ldapsearch%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('--hostname %s' % STAF_REMOTE_HOSTNAME)
3612N/A p.append('--port %s' % SEC_I1_SPORT)
3612N/A p.append('--trustAll --useSSL')
3612N/A p.append('--baseDN "cn=user_2,o=o1"')
3612N/A p.append('--searchScope base "(objectClass=*)"')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'SSL Search on I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-ldapsearch-ssl-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-ldapsearch-ssl-i1.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3612N/A 'testString': 'dn: cn=user_2,o=o1',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 4.2. Check SSL I2 -->
3612N/A <message>'++ Check SSL I2'</message>
3612N/A <script>
3690N/A c = '%s/%s/ldapsearch%s' % (SEC_I2_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('--hostname %s' % STAF_REMOTE_HOSTNAME)
3612N/A p.append('--port %s' % SEC_I2_SPORT)
3612N/A p.append('--trustAll --useSSL')
3612N/A p.append('--baseDN "cn=user_2,o=o1"')
3612N/A p.append('--searchScope base "(objectClass=*)"')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'SSL Search on I2',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-ldapsearch-ssl-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-ldapsearch-ssl-i2.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3612N/A 'testString': 'dn: cn=user_2,o=o1',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 4.3. Check not-StartTLS I1 -->
3612N/A <message>'++ Check not-StartTLS I1'</message>
3612N/A <script>
3690N/A c = '%s/%s/ldapsearch%s' % (SEC_I1_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('--hostname %s' % STAF_REMOTE_HOSTNAME)
3612N/A p.append('--port %s' % SEC_I1_PORT)
3612N/A p.append('--trustAll --useStartTLS')
3612N/A p.append('--baseDN "cn=user_2,o=o1"')
3612N/A p.append('--searchScope base "(objectClass=*)"')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'StartTLS Search on I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 52,
3612N/A 'outputFile': '%s/sec-ldapsearch-starttls-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 4.4. Check StartTLS I2 -->
3612N/A <message>'++ Check StartTLS OK on I2'</message>
3612N/A <script>
3690N/A c = '%s/%s/ldapsearch%s' % (SEC_I2_ROOT, fileFolder, fileExt)
3612N/A p = []
3612N/A p.append('--hostname %s' % STAF_REMOTE_HOSTNAME)
3612N/A p.append('--port %s' % SEC_I2_PORT)
3612N/A p.append('--trustAll --useStartTLS')
3612N/A p.append('--baseDN "cn=user_2,o=o1"')
3612N/A p.append('--searchScope base "(objectClass=*)"')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'StartTLS Search on I2',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-ldapsearch-starttls-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A grepFile = '%s/sec-ldapsearch-starttls-i2.txt' % OUT_GROUP
3612N/A </script>
3612N/A
3612N/A <call function="'grep'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'filename' : grepFile,
3612N/A 'testString': 'dn: cn=user_2,o=o1',
3612N/A 'expectedRC': 0,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 5.1. Export server cert I1 -->
3612N/A <message>'++ Export server cert I1'</message>
3612N/A <script>
3612N/A CERT1_FILE = '%s/cert1' % OUT_GROUP
3853N/A KEYSTORE1_FILE = '%s/config/admin-keystore' % SEC_I1_ROOT
3853N/A KEYSTORE1_PIN_FILE = '%s/config/admin-keystore.pin' % SEC_I1_ROOT
3612N/A </script>
3612N/A
3612N/A <call function="'runSTAFCommand'">
3612N/A { 'name' : 'Get content of keystore.pin file for I1',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'service' : 'FS',
3612N/A 'request' : 'GET',
3612N/A 'arguments' : 'FILE %s TEXT' % KEYSTORE1_PIN_FILE
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'checktestRC'">
3612N/A { 'returncode' : RC,
3612N/A 'expected' : 0,
3612N/A 'result' : 'FAIL to get content of keystore.pin file',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A KEYSTORE1_PIN = STAFResult[:-1]
3612N/A </script>
3612N/A
3612N/A <script>
3612N/A c = '%s' % KEYTOOL
3612N/A p = []
3612N/A p.append('-export -keystore %s' % KEYSTORE1_FILE)
3612N/A p.append('-storepass "%s"' % KEYSTORE1_PIN)
3853N/A p.append('-alias admin-cert -file %s' % CERT1_FILE)
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Export I1 server cert',
3612N/A 'command' : KEYTOOL,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-export-cert-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 5.2. Export server cert I2 -->
3612N/A <message>'++ Export server cert I2'</message>
3612N/A <script>
3612N/A CERT2_FILE = '%s/cert2' % OUT_GROUP
3853N/A KEYSTORE2_FILE = '%s/config/admin-keystore' % SEC_I2_ROOT
3853N/A KEYSTORE2_PIN_FILE = '%s/config/admin-keystore.pin' % SEC_I2_ROOT
3612N/A </script>
3612N/A
3612N/A <call function="'runSTAFCommand'">
3612N/A { 'name' : 'Get content of keystore.pin file for I2',
3612N/A 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'service' : 'FS',
3612N/A 'request' : 'GET',
3612N/A 'arguments' : 'FILE %s TEXT' % KEYSTORE2_PIN_FILE
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'checktestRC'">
3612N/A { 'returncode' : RC,
3612N/A 'expected' : 0,
3612N/A 'result' : 'FAIL to get content of keystore.pin file',
3612N/A }
3612N/A </call>
3612N/A
3612N/A <script>
3612N/A KEYSTORE2_PIN = STAFResult[:-1]
3612N/A </script>
3612N/A
3612N/A <script>
3612N/A c = '%s' % KEYTOOL
3612N/A p = []
3612N/A p.append('-export -keystore %s' % KEYSTORE2_FILE)
3612N/A p.append('-storepass "%s"' % KEYSTORE2_PIN)
3853N/A p.append('-alias admin-cert -file %s' % CERT2_FILE)
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Export I2 server cert',
3612N/A 'command' : KEYTOOL,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-export-cert-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 5.3. Create new JKS keystore with I1 cert -->
3612N/A <message>'++ Create new JKS keystore with I1 cert'</message>
3612N/A <script>
3612N/A c = '%s' % KEYTOOL
3612N/A p = []
3612N/A p.append('-import -storetype JKS -keystore %s' % MY_KEYSTORE)
3612N/A p.append('-file %s' % CERT1_FILE)
3853N/A p.append('-storepass secret12 -alias admin-cert1')
3612N/A p.append('-noprompt')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Import I1 cert in new JKS keystore',
3612N/A 'command' : KEYTOOL,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-import-cert-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <!-- 5.4. Import cert I2 -->
3612N/A <message>'++ Import cert on I2'</message>
3612N/A <script>
3612N/A c = '%s' % KEYTOOL
3612N/A p = []
3612N/A p.append('-import -storetype JKS -keystore %s' % MY_KEYSTORE)
3612N/A p.append('-file %s' % CERT2_FILE)
3853N/A p.append('-storepass secret12 -alias admin-cert2')
3612N/A p.append('-noprompt')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Import I2 cert in new JKS keystore',
3612N/A 'command' : KEYTOOL,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-import-cert-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3949N/A <!-- 6.1. Uninstall I1 -->
3612N/A <message>'++ Uninstall I1'</message>
3612N/A <script>
3612N/A c = '%s/uninstall%s' % (SEC_I1_ROOT, fileExt)
3612N/A p = []
6035N/A p.append('--cli --referencedHostName %s' % STAF_REMOTE_HOSTNAME)
3612N/A p.append('--adminUID admin --bindPassword %s' % DM_PW)
6035N/A p.append('--remove-all --no-prompt')
3612N/A p.append('--trustStorePath %s' % MY_KEYSTORE)
3612N/A p.append('--trustStorePassword secret12')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Uninstall I1',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I1_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-uninstall2-i1.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3949N/A <!-- 6.2. Uninstall I2 -->
3612N/A <message>'++ Uninstall I2'</message>
3612N/A <script>
3612N/A c = '%s/uninstall%s' % (SEC_I2_ROOT, fileExt)
3612N/A p = []
3949N/A p.append('--cli --no-prompt --trustAll')
3612N/A p.append('--adminUID admin --bindPasswordFile %s' % DM_PW_FILE)
3853N/A p.append('--remove-all')
3612N/A p = ' '.join(p)
3612N/A </script>
3612N/A
3612N/A <message>'%s %s' % (c, p)</message>
3612N/A <call function="'runCommand'">
3612N/A { 'location' : STAF_REMOTE_HOSTNAME,
3612N/A 'name' : 'Uninstall I2',
3612N/A 'command' : c,
3612N/A 'arguments' : p,
3612N/A 'path' : SEC_I2_ROOT,
3612N/A 'expectedRC': 0,
3612N/A 'outputFile': '%s/sec-uninstall-i2.txt' % OUT_GROUP,
3612N/A }
3612N/A </call>
3612N/A
3612N/A <call function="'testCase_Postamble'"/>
3612N/A
3612N/A </sequence>
3612N/A </testcase>
3612N/A
3612N/A <call function="'testSuite_Postamble'"/>
3612N/A
3612N/A </sequence>
3612N/A
3612N/A </function>

</stax>