6031e9c7eb72435516a6828deb2e97533ed0382dludovicp<?xml version="1.0" encoding="UTF-8" standalone="no"?>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! CDDL HEADER START
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! The contents of this file are subject to the terms of the
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! Common Development and Distribution License, Version 1.0 only
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! (the "License"). You may not use this file except in compliance
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! with the License.
3437829f938dbb44527d91fbbc5f430a1243c5a5JnRouvignac ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
3437829f938dbb44527d91fbbc5f430a1243c5a5JnRouvignac ! or http://forgerock.org/license/CDDLv1.0.html.
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! See the License for the specific language governing permissions
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! and limitations under the License.
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! When distributing Covered Code, include this CDDL HEADER in each
3437829f938dbb44527d91fbbc5f430a1243c5a5JnRouvignac ! file and include the License file at legal-notices/CDDLv1_0.txt.
3437829f938dbb44527d91fbbc5f430a1243c5a5JnRouvignac ! If applicable, add the following below this CDDL HEADER, with the
3437829f938dbb44527d91fbbc5f430a1243c5a5JnRouvignac ! fields enclosed by brackets "[]" replaced with your own identifying
3437829f938dbb44527d91fbbc5f430a1243c5a5JnRouvignac ! information:
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! Portions Copyright [yyyy] [name of copyright owner]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! CDDL HEADER END
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ! Copyright 2010 Sun Microsystems, Inc.
a074bebeb08cbb6d20cdeab0e3689f1e1992b3c7csovant ! Portions Copyright 2013 ForgeRock AS
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <defaultcall function="clus_saslexternal_fingerprint"/>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <function name="clus_saslexternal_fingerprint" scope="local">
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!--- Test Suite information
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestSuiteName SASL external fingerprint mapper
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp check behaviors
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestSuitePurpose Test the results of ldap commands in the case
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp of fingerprint mapper
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestSuiteGroup ldapdmodify check behavior tests
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp if not CurrentTestPath.has_key('group'):
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp CurrentTestPath['group'] = 'clu_secure'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp CurrentTestPath['suite'] = STAXCurrentBlock
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!--- Test Case information
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestMarker SASL external fingerprint blind trust
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp check behaviors
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestName Fingerprint to user attribute :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp server trust all client certificates
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestPurpose Test fingerprint certificate mapper
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp with blind trust
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestPreamble none
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Create a client-350-cert with dname
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp "uid=user.350,ou=People,dc=com"
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Configure fingerprint certificate mapper
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp with blind trust
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapsearch using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should fail
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Add client-350-cert fingerprint to
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp user.350 attribute
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapsearch using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should success
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp return "Anatoly"
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Allow user.350 to delete user.42*
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapdelete using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should success
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapseach using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should success
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp return "total number of matching entries: 0"
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestPostamble none
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestResult Success if ldapseach after delete return
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp "Total number of matching entries: 0"
a074bebeb08cbb6d20cdeab0e3689f1e1992b3c7csovant <testcase name="getTestCaseName('Fingerprint to user attribute : server trust all client certificates')">
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!-- Create user.350 Certificate -->
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External : Client certicate :Step 1. Generating user.350 \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp client certificate'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'client-350-cert' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dname' : "uid=user.350,ou=People,dc=com",
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storepass' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'keypass' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storetype' : 'JKS'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: Client certicate :Step 2. Self-Signing user.350 \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp client Certicate'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'client-350-cert' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storepass' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'keypass' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storetype' : 'JKS'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: export : export user.350 certificate'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'client-350-cert' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storepass' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'outputfile' : '%s/client_cert/client-350-cert.txt'\
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storetype' : 'JKS',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'format' : 'rfc'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'userdn' : 'uid=user.350,ou=People,dc=com',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'user_cert_file_rfc': '%s/client_cert/client-350-cert.txt' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'ldif_path' : '%s/client_cert/client-350-cert.ldif' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir)
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!--- Enable Subject DN to user attribute with blind trust-->
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: configure : Enable subject DN to user attribute \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp with blind trust'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'KeyMgr' : 'JKSPROVIDER',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'keystorePin' : 'keystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'handlerName' : 'EXTERNAL',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certMapper' : 'Fingerprint Mapper',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'optionSaSL' : '--set certificate-validation-policy:always',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'server-cert2'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: Test fingerpint mapper : try to connect with \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp user.120 certificate'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword': 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-120-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsReportAuthzID' : ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsBaseDN' : 'dc=com' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsFilter' : 'uid=user.585' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsAttributes' : 'givenName',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 49
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp returnString = STAXResult[0][1]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'returnString' : returnString ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedString' : 'Invalid Credentials'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!-- get the fingerprint for user.350 -->
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storepass' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir)
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp STAXCode = RC
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp certificateResult = STAXResult[0][1]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp string_len=len(certificateResult)
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp index_MD5=certificateResult.find("MD5:")
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp index_SHA1=certificateResult.find("SHA1:")
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp index_Signature=certificateResult.find\
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp ("Signature algorithm name:")
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp MD5_fingerprint_user350=certificateResult\
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp [index_MD5+5:index_SHA1].strip()
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp if index_Signature == -1:
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp SHA1_fingerprint_user350=certificateResult\
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp [index_SHA1+5:string_len].strip()
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp SHA1_fingerprint_user350=certificateResult\
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp [index_SHA1+5:index_Signature].strip()
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: configure : add ds-certificate-fingerprint \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp attribute in user.350 entry'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'DNToModify' : 'uid=user.350,ou=people,dc=com',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'attributeName' : 'ds-certificate-fingerprint',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'newAttributeValue': MD5_fingerprint_user350,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'changetype' : 'add',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!---Test Subject DN to user attribute ldapdelete behaviors -->
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: Test fingerpint mapper : try to connect with \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp user.350 certificate'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsReportAuthzID' : ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsBaseDN' : 'dc=com' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsFilter' : 'uid=user.420' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsAttributes' : 'givenName',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp returnString = STAXResult[0][1]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'returnString' : returnString ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedString' : 'Anitra'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: aci : allow permission delete for user.350'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp aci_allowdelete = 'clu_secure/clus_sasl_allowdelete.ldif'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsFilename' : '%s/%s' % (remote.data,aci_allowdelete),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: ldapdelete : delete user.420'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsDn' : ['uid=user.420,ou=people,dc=com'],
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCountEntries' : 'True' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsReportAuthzID' : ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsBaseDN' : 'dc=com' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsFilter' : 'uid=user.420' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 'noCheck'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp returnString = STAXResult[0][1]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'returnString' : returnString ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedString' : 'Total number of matching entries: 0'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </sequence>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </testcase>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!--- Test Case information
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestMarker SASL external fingerprint TrustStore
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp check behaviors
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestName Fingerprint to user attribute :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp server use TrustStore
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestPurpose Test fingerprint certificate mapper
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp withTrustStore
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestPreamble none
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Configure fingerprint certificate mapper
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp with TrustStore
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapdelete using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should fail
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Add client-350-cert certificate
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp into server TrustStore
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapsearch using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should success
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp return "Total number of matching entries: 1"
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapdelete using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should success
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestStep Make a ldapseach using client-350-cert :
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp should success
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp return "total number of matching entries: 0"
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestPostamble none
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp #@TestResult Success if ldapseach after delete return
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp "Total number of matching entries: 0"
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <testcase name="getTestCaseName('Fingerprint mapper: with trust file manager')">
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!--- Test SASL External Subject DN to user attribute with truststore -->
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: configure : Enable subject SN to user attribute \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp with TrustStore file'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'KeyMgr' : 'JKSPROVIDER',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'optionSaSL' : '--set certificate-validation-policy:always',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'keystorePin' : 'keystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'trustMgr' : 'JKS',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'truststorePin' : 'truststorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'handlerName' : 'EXTERNAL',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certMapper' : 'Fingerprint mapper',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'server-cert2'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: ldapdelete : delete allow but certificate not in \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp TrustStore'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsDn' : ['uid=user.421,ou=people,dc=com'],
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 81
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp <!--- Add the user.350 certificate to the server truststore -->
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: import : import user.350 certificate to server \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp truststore'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'certAlias' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'inputfile' : '%s/client_cert/client-350-cert.txt' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'keystore' : '%s/config/servertruststore' %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storepass' : 'truststorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'storetype' : 'JKS'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: restart LDAPS connection handler to re-read trustore'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'subcommand' : 'set-connection-handler-prop',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'objectType' : 'handler-name' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'objectName' : 'LDAPS Connection Handler',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'optionsString' : '--set enabled:false' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'subcommand' : 'set-connection-handler-prop',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'objectType' : 'handler-name' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'objectName' : 'LDAPS Connection Handler',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'optionsString' : '--set enabled:true' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCountEntries' : 'True' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsReportAuthzID' : ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsBaseDN' : 'dc=com' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsFilter' : 'uid=user.421' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 'noCheck'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp returnString = STAXResult[0][1]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'returnString' : returnString ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedString' : 'Total number of matching entries: 1'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'SASL External: ldapdelete : delete user.421'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsDn' : ['uid=user.421,ou=people,dc=com'],
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 0
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSSL' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsTrustAll' : ' ' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsUseSASLExternal': ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePath' : '%s/client_cert/clientkeystore' \
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp %(InstanceInstallDir),
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsKeyStorePassword' : 'clientkeystorepass',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCertNickname' : 'client-350-cert',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsReportAuthzID' : ' ',
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsCountEntries' : 'True' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsBaseDN' : 'dc=com' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'dsFilter' : 'uid=user.421' ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedRC' : 'noCheck'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp returnString = STAXResult[0][1]
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'returnString' : returnString ,
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp 'expectedString' : 'Total number of matching entries: 0'
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </sequence>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </testcase>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </sequence>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </sequence>
6031e9c7eb72435516a6828deb2e97533ed0382dludovicp </function>